keycloak/keycloak

OAuth2.1 Client-Policy prevents update of client

Open

#30,140 opened on Jun 4, 2024

View on GitHub
 (4 comments) (0 reactions) (0 assignees)Java (8,346 forks)batch import
area/authenticationhelp wantedkind/bugpriority/lowteam/core-clients

Repository metrics

Stars
 (34,398 stars)
PR merge metrics
 (Avg merge 6d 19h) (384 merged PRs in 30d)

Description

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

authentication

Describe the bug

I have a client policy with the condition "client-access-type=confidential" and the policy "oauth-2-1-for-confidential-client"

When I now open an affected client in the keycloak admin console, change its settings and try to safe, I get an error: {"error":"invalid_client_metadata","error_description":"Invalid client metadata: token_endpoint_auth_method"}

Version

24.0.4

Regression

  • The issue is a regression

Expected behavior

Client settings should be changeable in the keycloak admin console no matter the client policies.

Actual behavior

The client policy prevents an update of the client settings via the keycloak admin console.

How to Reproduce?

Create a confidential client. Create a client policy as described previously. Try to update the settings of the client.

Anything else?

No response

Contributor guide