  1. Keycloak
  2. KEYCLOAK-1081

POST to /realms/{realm}/account/password results in server 500 when using Bearer Auth

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Rejected
    • Affects Version/s: 1.1.0.Final
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Steps to Reproduce:
      Login via some method that provides a token.
      Attempt to submit a POST against /realms/{realm}/account/password using an Authorization: Bearer header containing your token
      Notice a server error 500 is returned due to missing stateChecker value

      Description

      When I POST to the form at /realms/{realm}/account/password using a Bearer Auth the password does reset but I get a 500 status back from Keycloak. The issue is that it is trying to rebuild an html response from the ‘password.ftl’ template and it does not have a value for ‘stateChecker’.

      After reviewing the code on github I found that if you use Bearer Auth, AccountService.init() never initializes a value to stateChecker. So even though I passed one in as a cookie on the POST and inside the form itself it never gets read. The workaround is to use cookies only to handle the authentication mechanism; specifically KEYCLOAK_STATE_CHECKER and KEYCLOAK_IDENTITY and not include Bearer authentication at all. So there is a workaround and it requires the use of cookies only and not Bearer Auth.
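
      A simplified model of the behaviour described in this report, added here as an example; it is not Keycloak's code and not part of the original report. The class and function names, the 403 status and the form-equals-cookie check are assumptions; the cookie names, stateChecker and password.ftl come from the report.

```python
import hmac

def render_password_page(model):
    # Stand-in for rendering password.ftl: as with FreeMarker's default
    # behaviour, a template variable without a value is an error.
    if model.get("stateChecker") is None:
        raise LookupError("stateChecker has no value")
    return '<input type="hidden" name="stateChecker" value="%s">' % model["stateChecker"]

class AccountModel:
    """Hypothetical model of the account password endpoint (token validation omitted)."""

    def __init__(self, password):
        self.password = password
        self.state_checker = None
        self.cookie_auth = False

    def init(self, headers, cookies):
        self.state_checker, self.cookie_auth = None, False
        # As the report describes: the Bearer branch never sets stateChecker,
        # even when a KEYCLOAK_STATE_CHECKER cookie is sent alongside it.
        if headers.get("Authorization", "").startswith("Bearer "):
            return
        if "KEYCLOAK_IDENTITY" in cookies:
            self.cookie_auth = True
            self.state_checker = cookies.get("KEYCLOAK_STATE_CHECKER")
            return
        raise PermissionError("not authenticated")

    def post_password(self, headers, cookies, form):
        """Return the HTTP status the client would see."""
        self.init(headers, cookies)
        if self.cookie_auth:
            # Assumed check: the form field must equal the cookie value.
            sent = form.get("stateChecker", "")
            if not self.state_checker or not hmac.compare_digest(sent, self.state_checker):
                return 403
        self.password = form["password"]      # state change is committed here
        try:
            render_password_page({"stateChecker": self.state_checker})
        except LookupError:
            return 500                        # rendering fails after the change
        return 200

# Constructed sample requests; token and checker values are placeholders.
COOKIES = {"KEYCLOAK_IDENTITY": "id-placeholder", "KEYCLOAK_STATE_CHECKER": "abc123"}
FORM = {"password": "new-secret", "stateChecker": "abc123"}
BEARER = {"Authorization": "Bearer token-placeholder"}
```

      In this model, `AccountModel("old").post_password(BEARER, COOKIES, FORM)` returns 500 with the password already changed, while the same request without the Authorization header returns 200.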

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  daniel.baxter Daniel Baxter