apache
Can't access Token with OpenID Connect authorization code flow
Hello. I'm attempting to access the Token endpoint, following the required steps, corresponding to the OIDC Authorization code flow:
-
GET request to the desired page
-
GET request to the /auth/realms/__/protocol/openid-connect/auth endpoint And from the response body I extract session_code, execution and tab_id.
-
A second GET request to the /auth/realms/__/protocol/openid-connect/auth endpoint As parameters I provide the values for: response_type, client_id and code_challenge_method and from the generated URL I extract the values for state, code_challenge and nonce
-
POST request to the authentication endpoint, using the generated variables: /auth/realms/___ /login-actions/authenticate?session_code=${session_code}&execution=${execution}&client_id=____&tab_id=${tab_id} and in body data I provide the required username and password.
-
I extract the code from the Response headers of the previous request
-
Send a POST request to the Token endpoint, using the code + a code verifier, generated using the code challenge + the hash method.
Expected result: Access token is displayed in response Actual result: An error message {"error":"invalid_grant","error_description":"User session not found"} is displayed
The same flow is working successfully in Postman. I can't seem to figure out the reason behind it. Any help would be highly appreciated.
JMeter Version: 8.6.2
Java Version: 1.8.0_391
