Error during login

[kraeks]

What could be the reason for this error:

Traceback (innermost last):

Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
Module ZPublisher.WSGIPublisher, line 391, in publish_module
Module ZPublisher.WSGIPublisher, line 285, in publish
Module ZPublisher.mapply, line 98, in mapply
Module ZPublisher.WSGIPublisher, line 68, in call_object
Module pas.plugins.oidc.browser.view, line 269, in call
Module oic.oic, line 984, in do_user_info_request
oic.exception.RequestError

[macagua]

@kraeks you need to share all the traceback the error, and explains the context when happens the error

[david-batranu]

TLDR: Make sure to add openid to Open ID scopes to request to the server in http://localhost:8080/Plone/acl_users/oidc/manage_propertiesForm. This was entirely my fault as this was already specified in the documentation but due to being new to Keycloak I didn't understand what it meant.

---

This also happened for me when testing the plugin on a clean Plone 6.0.13, Keycloak 25.0.6 and pas.plugins.oidc 1.0.0 (grabbed by default from PyPI without a version pin). The error in Keycloak is

2024-09-20 18:16:33,574 WARN  [org.keycloak.events] (executor-thread-56) type="USER_INFO_REQUEST_ERROR", realmId="ec493896-05c7-4c68-9833-e52f7eefab1c", realmName="Cerebrate", clientId="null", userId="null", ipAddress="0:0:0:0:0:0:0:1", error="invalid_token", reason="Token is not active", auth_method="validate_access_token"

It works after doing the folowing:

• updating to pas.plugins.oidc 2.0.0b1 (latest available at this time)
• adding openid to Open ID scopes to request to the server in http://localhost:8080/Plone/acl_users/oidc/manage_propertiesForm (for some reason this was missing but due to a helpful error message it was easily fixed - ERROR [pas.plugins.oidc:196][waitress-2] Authentication failed, probably missing openid scope)

After the above worked I downgraded to 1.0.0 again and it worked, aparently it would have been sufficient to add openid to the scopes field.