I am using Postman with the Authorization code type OAuth 2.0 to generate an access token for my APIs. This setup is configured to use Keycloak as the authentication provider. Everything works as expected when I log in using Keycloak user credentials. However, when I attempt to log in using GitHub as the identity provider, I encounter an error at the final stage. The error message is as follows:
POST https://{host:port}/realms/{myrealm}/protocol/openid-connect/token
Response Body: {"error":"invalid_grant","error_description":"Code not valid"}
Steps to reproduce:
Keycloak version: 21.1.1
In Keycloak, I create a GitHub Identity Provider within my realm and provide the ClientId and ClientSecret of my GitHub OAuth application. I also enable token storage. Note: The "First Login flow" is set to "first broker login," and the "Post login flow" is set to "None."
On GitHub, I set the homepage URL and the authorization callback URL as the Redirect URI for the Keycloak Identity Provider for GitHub.
In Postman, under the Authorization tab, I configure OAuth 2.0 as follows:
Token name: testing
Grant type: Authorization Code
Auth URL: https://{host:port}/realms/{myrealm}/protocol/openid-connect/auth
Access Token URL: https://{host:port}/realms/{myrealm}/protocol/openid-connect/token
ClientId: The ClientId of my client application in Keycloak
ClientSecret: The ClientSecret of my client application in Keycloak
Client Authentication: Send as Basic Auth header
Note: I made sure that it is not using the same authorization code by regenerating the client secret for my client application and it is still not working.
I resolved this issue by enabling key features during the Keycloak installation, including preview, token_exchange, and admin_fine_grained_authz.
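The exchange configured in Postman above can be rebuilt outside the tool to see exactly what reaches the token endpoint at the failing final stage. This is an added example, not part of the original post: the function names, host, realm, client values and redirect URI are constructed placeholders, and only the endpoint paths and the error body come from the post.

```python
import base64
import json
from urllib.parse import urlencode

def realm_endpoint(base_url, realm, name):
    """Realm OIDC endpoint; name is 'auth' or 'token' (paths as shown in the post)."""
    return f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/{name}"

def build_auth_url(base_url, realm, client_id, redirect_uri, state):
    """Step 1: URL the browser opens; Keycloak then offers local login or the GitHub IdP."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": "openid", "state": state})
    return realm_endpoint(base_url, realm, "auth") + "?" + query

def build_token_request(base_url, realm, client_id, client_secret, code, redirect_uri):
    """Step 2: code-for-token POST with 'Send as Basic Auth header' client authentication."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    # redirect_uri must be the same value that was sent in step 1
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})
    return realm_endpoint(base_url, realm, "token"), headers, body

def parse_token_response(status, raw_body):
    """Separate a successful token response from an OAuth error response."""
    data = json.loads(raw_body)
    if status == 200 and "access_token" in data:
        return {"ok": True, "access_token": data["access_token"]}
    return {"ok": False, "error": data.get("error"),
            "description": data.get("error_description")}

if __name__ == "__main__":
    # Constructed sample values; replace with your own host, realm and client.
    base, realm = "https://keycloak.example.test:8443", "myrealm"
    redirect = "https://app.example.test/callback"
    print(build_auth_url(base, realm, "my-client", redirect, "st4te"))
    url, headers, body = build_token_request(base, realm, "my-client", "s3cret",
                                             "abc123", redirect)
    print("POST", url, "\n", headers, "\n", body)
    # Error body exactly as reported in the post
    failed = '{"error":"invalid_grant","error_description":"Code not valid"}'
    print(parse_token_response(400, failed))
```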