davido/keycloak-gerrit-oauth-provider

invalid_code error in keycloak when gerrit requests an access token

ioriqqe opened this issue · 2 comments

Hi David,
I followed your guide from the README, which deploys both gerrit and keycloak on the same host, and it works fine.
But if I try to deploy gerrit and keycloak separately on different subnets, I get an invalid_code error in keycloak the first time gerrit redirects to keycloak to log in. Here is the error log from keycloak:

10:53:18,116 WARN [org.keycloak.protocol.oidc.utils.OAuth2CodeParser] (default task-12) Code '1dd43485-a74e-4282-a2f4-e6631f03d441' already used for userSession '2583fa2e-6984-4694-a013-9ac19cf9d82d' and client '21aac9da-7eaa-4070-ab9f-699152972cb4'.
10:53:18,118 WARN [org.keycloak.events] (default task-12) type=CODE_TO_TOKEN_ERROR, realmId=master, clientId=gerrit, userId=null, ipAddress=10.244.1.0, error=invalid_code, grant_type=authorization_code, code_id=2583fa2e-6984-4694-a013-9ac19cf9d82d, client_auth_method=client-secret

Does keycloak-gerrit-oauth-provider support deploying gerrit and keycloak on different subnets?
If yes, is there any specific configuration needed?
Any feedback is much appreciated.

Thanks
Shuang

That's strange. Why would it be an issue on a dedicated host?

I think the reason is that the dedicated hosts are on different subnets.
There is no such issue if they are in the same subnet.