I am calling /auth/realms/master/protocol/openid-connect/token
to get an access token by sending the content below in the body: grant_type=password&client_id=example-docker-jaxrs-app&username=user&password=password&client_secret=1d27aedd-11c2-4ed2-97d5-c586e1f9b3cd
But when I set Update Password as a required action for the user from the Keycloak admin console, I get the following error when I try to get a token with the API mentioned above:
{ "error": "invalid_grant", "error_description": "Account is not fully set up" }
One more thing: what is the difference between the two settings, Temporary password and the Update Password required action?
To get a new access token with a refresh token, in the request to get the access token, you just need to pass grant_type=refresh_token, the value of the refresh token that we had in the previous request to get the access token, client ID and client secret.
The refresh token's lifespan is defined by the "Client Session Max" parameter in the "Tokens" tab of the Realm settings. It can also be overridden at the individual client level under the "Advanced Settings" menu of the client settings page. It is the maximum time before a refresh token expires and is invalidated.
Navigate to the Postman Authorization tab of your request. From the Type dropdown menu, select OAuth 2.0. Click the Get New Access Token button, which opens a dialog box for configuring the identity server (Keycloak in our case).
If you mark the password as temporary, a user action to update the password is marked as required.
And until the password has been updated/set by the user, i.e. until this action has been completed, you won't be able to get an access token using this user, since the account is not "fully set up" and is in a kind of intermediate state where an action is required to complete the setup.
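The refresh-token request and the error from the question, as an added example that is not code from the question or its answers: it builds the refresh_token form body, decides from the token lifetimes whether to reuse, refresh or log in again, and separates the "Account is not fully set up" case from other invalid_grant errors. TokenState, next_step and classify_error are hypothetical names, the sample token response is constructed, and the expires_in and refresh_expires_in fields are assumed to be present in the token response.

```python
import json
from urllib.parse import urlencode

def refresh_grant_body(client_id, client_secret, refresh_token):
    """Form body that exchanges a refresh token for a new access token."""
    return urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    })

class TokenState:
    """Tracks both lifetimes from one token response (hypothetical helper)."""
    def __init__(self, response_text, issued_at):
        data = json.loads(response_text)
        self.refresh_token = data["refresh_token"]
        self.access_expires = issued_at + data["expires_in"]
        self.refresh_expires = issued_at + data["refresh_expires_in"]

    def next_step(self, now, skew=5):
        """Decide what the client should do at time `now` (seconds)."""
        if now < self.access_expires - skew:
            return "use_access_token"
        if now < self.refresh_expires - skew:
            return "refresh"
        return "login_again"  # refresh token expired and invalidated

def classify_error(body_text):
    """Separate the pending-required-action case from other invalid_grant errors."""
    data = json.loads(body_text)
    if data.get("error") != "invalid_grant":
        return "other_error"
    if data.get("error_description") == "Account is not fully set up":
        # Same credentials will keep failing until the user completes the action.
        return "required_action_pending"
    return "invalid_grant"

# Constructed token response; field values are made up for the example.
SAMPLE_TOKENS = ('{"access_token": "aaa.bbb.ccc", "expires_in": 60, '
                 '"refresh_token": "ddd.eee.fff", "refresh_expires_in": 1800}')
# Error body exactly as quoted in the question.
SAMPLE_PENDING = '{ "error": "invalid_grant", "error_description": "Account is not fully set up" }'

if __name__ == "__main__":
    state = TokenState(SAMPLE_TOKENS, issued_at=0)
    for now in (10, 120, 1800):
        print(now, state.next_step(now))
    print(refresh_grant_body("example-docker-jaxrs-app", "<client-secret>", state.refresh_token))
    print(classify_error(SAMPLE_PENDING))
```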