RocketChat version 3.4.2 port 3000
Nginx port 443. >> Is it possible nginx is messing with the URI?
Let's Encrypt Nginx certificate
OS Ubuntu 18
Local installation on AWS EC2 node
DNS set in GoDaddy
Keycloak version 10.0.2
Let's Encrypt / keystore
OS Ubuntu 18
Local installation on AWS EC2 node
DNS set in GoDaddy
URI setting in Keycloak for rocket-chat client is: https:///_oauth/keycloak
Keycloak option shows up in the login screen.
When selected, a popup asks for credentials.
It goes back to the Rocket chat login screen without logging in; a small screen appears in the upper right corner which says “Undefined”.
Keycloak shows the user with a session token.
However, in the RocketChat log I see this error:
Jul 24 19:09:25 rocket rocketchat[15068]: {"line":"403","file":"oauth_server.js","message":"Error in OAuth Server: Failed to complete OAuth handshake with keycloak at https://keycloak.my-domain:8443/auth/realms/fastslk.com/protocol/openid-connect/token. failed [400] {"error":"invalid_grant","error_description":"Incorrect redirect_uri"}","time":{"$date":1595617765765},"level":"warn"}
Jul 24 19:09:26 rocket rocketchat[15068]: API ➔ debug POST: /api/v1/method.callAnon/login
Jul 24 19:09:26 rocket rocketchat[15068]: API ➔ debug Success {
Jul 24 19:09:26 rocket rocketchat[15068]: statusCode: 200,
Jul 24 19:09:26 rocket rocketchat[15068]: body: {
Jul 24 19:09:26 rocket rocketchat[15068]: message: '{"msg":"result","id":"105","error":{"message":"Failed to complete OAuth handshake with keycloak at https://keycloak.my-domain:8443/auth/realms/fastslk.com/protocol/openid-connect/token. failed [400] {\"error\":\"invalid_grant\",\"error_description\":\"Incorrect redirect_uri\"}","response":{"statusCode":400,"content":"{\"error\":\"invalid_grant\",\"error_description\":\"Incorrect redirect_uri\"}","headers":{"cache-control":"no-store","x-xss-protection":"1; mode=block","pragma":"no-cache","x-frame-options":"SAMEORIGIN","date":"Fri, 24 Jul 2020 19:09:25 GMT","connection":"close","strict-transport-security":"max-age=31536000; includeSubDomains","x-content-type-options":"nosniff","content-type":"application/json","content-length":"70"},"data":{"error":"invalid_grant","error_description":"Incorrect redirect_uri"}}}}',
Jul 24 19:09:26 rocket rocketchat[15068]: success: true
Guide: ://docs.rocket.chat/guides/administrator-guides/authentication/oauth/keycloak
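
The `invalid_grant` / `Incorrect redirect_uri` response in the log comes from the token endpoint, and OAuth 2.0 (RFC 6749, section 4.1.3) requires the `redirect_uri` in the token request to be identical to the one sent in the authorization request. The following is an added example, not part of the original post and not Rocket.Chat or Keycloak code: it pulls `redirect_uri` out of both requests and lists the components that differ. The hosts, realm name and request values are constructed, and the mismatch shown (scheme and port) is only an assumed illustration of what a reverse proxy in front of the application can produce.

```python
from urllib.parse import urlsplit, parse_qs

def redirect_uri_of(request):
    """Return the decoded redirect_uri from an authorization URL or from a
    form-encoded token request body; None if the parameter is absent."""
    # A form body has no '?', so urlsplit() yields an empty query: use it whole.
    query = urlsplit(request).query or request
    values = parse_qs(query).get("redirect_uri", [])
    return values[0] if values else None

def diff_redirect_uris(auth_uri, token_uri):
    """List (component, authorization value, token value) for every part that
    differs. Ports and paths are compared as written, so an explicit default
    port or a trailing slash counts as a difference."""
    a, t = urlsplit(auth_uri), urlsplit(token_uri)
    parts = [
        ("scheme", a.scheme, t.scheme),
        ("host", a.hostname, t.hostname),
        ("port", a.port, t.port),
        ("path", a.path, t.path),
        ("query", a.query, t.query),
    ]
    return [p for p in parts if p[1] != p[2]]

# Constructed sample values (example.test hosts, not taken from the post).
AUTH_URL = ("https://keycloak.example.test:8443/auth/realms/demo/protocol/"
            "openid-connect/auth?client_id=rocket-chat&response_type=code"
            "&redirect_uri=https%3A%2F%2Fchat.example.test%2F_oauth%2Fkeycloak")
TOKEN_BODY = ("grant_type=authorization_code&code=CONSTRUCTED"
              "&redirect_uri=http%3A%2F%2Fchat.example.test%3A3000%2F_oauth%2Fkeycloak")

if __name__ == "__main__":
    sent, exchanged = redirect_uri_of(AUTH_URL), redirect_uri_of(TOKEN_BODY)
    print("authorization request:", sent)
    print("token request:        ", exchanged)
    for name, a, t in diff_redirect_uris(sent, exchanged):
        print(f"  {name} differs: {a!r} vs {t!r}")
```
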