Immich and Keycloak setup issue

Hi everyone, i am really struggling setting up immich with my Keycloak OIDC server. Had anyone any luck? Keycloak seems to not like immich request when sent from the mobile app (the web works) as I get this in the logs. I set up a new client normally, I added app.immich:///oauth-callback to the redirect URLs (also tried the alternative URL from the settings) but Keycloak replies 500 after the user enters the credentials. Any idea? Thanks!

Keycloak logs:

type="CODE_TO_TOKEN_ERROR", realmId="c07852ad-bea7-49bf-a086-fae43cc38830", realmName="PRIVATE", clientId="immich", userId="bdc33746-558f-4d07-abaa-6bc2f795f416", sessionId="f806691d-a686-4fc3-b23b-4352037e4b47", ipAddress="10.0.100.3", error="invalid_code_verifier", reason="Invalid code verifier", grant_type="authorization_code", code_id="f806691d-a686-4fc3-b23b-4352037e4b47", client_auth_method="client-secret"

type="CODE_TO_TOKEN_ERROR", realmId="c07852ad-bea7-49bf-a086-fae43cc38830", realmName="PRIVATE", clientId="immich", userId="bdc33746-558f-4d07-abaa-6bc2f795f416", sessionId="f806691d-a686-4fc3-b23b-4352037e4b47", ipAddress="10.0.100.3", error="invalid_code_verifier", reason="Invalid code verifier", grant_type="authorization_code", code_id="f806691d-a686-4fc3-b23b-4352037e4b47", client_auth_method="client-secret"

Immich logs:

2025-04-25 10:40:29.890683+00:00ResponseBodyError: server responded with an error in the response body
2025-04-25 10:40:29.890722+00:00at checkOAuthBodyError (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:865:19)
2025-04-25 10:40:29.890752+00:00at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
2025-04-25 10:40:29.890786+00:00at async processGenericAccessTokenResponse (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:1141:5)
2025-04-25 10:40:29.890813+00:00at async processAuthorizationCodeOAuth2Response (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:1373:20)
2025-04-25 10:40:29.890839+00:00at async authorizationCodeGrant (file:///usr/src/app/node_modules/openid-client/build/index.js:850:18)
2025-04-25 10:40:29.890866+00:00at async OAuthRepository.getProfile (/usr/src/app/dist/repositories/oauth.repository.js:52:28)
2025-04-25 10:40:29.890896+00:00at async AuthService.callback (/usr/src/app/dist/services/auth.service.js:137:25)

2025-04-25 10:40:29.890683+00:00ResponseBodyError: server responded with an error in the response body
2025-04-25 10:40:29.890722+00:00at checkOAuthBodyError (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:865:19)
2025-04-25 10:40:29.890752+00:00at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
2025-04-25 10:40:29.890786+00:00at async processGenericAccessTokenResponse (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:1141:5)
2025-04-25 10:40:29.890813+00:00at async processAuthorizationCodeOAuth2Response (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:1373:20)
2025-04-25 10:40:29.890839+00:00at async authorizationCodeGrant (file:///usr/src/app/node_modules/openid-client/build/index.js:850:18)
2025-04-25 10:40:29.890866+00:00at async OAuthRepository.getProfile (/usr/src/app/dist/repositories/oauth.repository.js:52:28)
2025-04-25 10:40:29.890896+00:00at async AuthService.callback (/usr/src/app/dist/services/auth.service.js:137:25)

Immich and Keycloak setup issue

type="CODE_TO_TOKEN_ERROR", realmId="c07852ad-bea7-49bf-a086-fae43cc38830", realmName="PRIVATE", clientId="immich", userId="bdc33746-558f-4d07-abaa-6bc2f795f416", sessionId="f806691d-a686-4fc3-b23b-4352037e4b47", ipAddress="10.0.100.3", error="invalid_code_verifier", reason="Invalid code verifier", grant_type="authorization_code", code_id="f806691d-a686-4fc3-b23b-4352037e4b47", client_auth_method="client-secret"

type="CODE_TO_TOKEN_ERROR", realmId="c07852ad-bea7-49bf-a086-fae43cc38830", realmName="PRIVATE", clientId="immich", userId="bdc33746-558f-4d07-abaa-6bc2f795f416", sessionId="f806691d-a686-4fc3-b23b-4352037e4b47", ipAddress="10.0.100.3", error="invalid_code_verifier", reason="Invalid code verifier", grant_type="authorization_code", code_id="f806691d-a686-4fc3-b23b-4352037e4b47", client_auth_method="client-secret"

Immich logs:

2025-04-25 10:40:29.890683+00:00ResponseBodyError: server responded with an error in the response body
2025-04-25 10:40:29.890722+00:00at checkOAuthBodyError (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:865:19)
2025-04-25 10:40:29.890752+00:00at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
2025-04-25 10:40:29.890786+00:00at async processGenericAccessTokenResponse (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:1141:5)
2025-04-25 10:40:29.890813+00:00at async processAuthorizationCodeOAuth2Response (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:1373:20)
2025-04-25 10:40:29.890839+00:00at async authorizationCodeGrant (file:///usr/src/app/node_modules/openid-client/build/index.js:850:18)
2025-04-25 10:40:29.890866+00:00at async OAuthRepository.getProfile (/usr/src/app/dist/repositories/oauth.repository.js:52:28)
2025-04-25 10:40:29.890896+00:00at async AuthService.callback (/usr/src/app/dist/services/auth.service.js:137:25)

2025-04-25 10:40:29.890683+00:00ResponseBodyError: server responded with an error in the response body
2025-04-25 10:40:29.890722+00:00at checkOAuthBodyError (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:865:19)
2025-04-25 10:40:29.890752+00:00at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
2025-04-25 10:40:29.890786+00:00at async processGenericAccessTokenResponse (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:1141:5)
2025-04-25 10:40:29.890813+00:00at async processAuthorizationCodeOAuth2Response (file:///usr/src/app/node_modules/oauth4webapi/build/index.js:1373:20)
2025-04-25 10:40:29.890839+00:00at async authorizationCodeGrant (file:///usr/src/app/node_modules/openid-client/build/index.js:850:18)
2025-04-25 10:40:29.890866+00:00at async OAuthRepository.getProfile (/usr/src/app/dist/repositories/oauth.repository.js:52:28)
2025-04-25 10:40:29.890896+00:00at async AuthService.callback (/usr/src/app/dist/services/auth.service.js:137:25)

Immich and Keycloak setup issue

Similar Threads

Immich and Keycloak setup issue

Similar Threads

Similar Threads

Similar Threads