Keycloak / Angular - Always "invalid redirect_uri"

Question

I have now looked through various questions & answers here, but cannot find a solution. The login and its redirect work perfectly. Only when I log in, I always get "invalid redirect_uri". The URL returns exactly the address of the service:

Service-URL: https://subdomain.subdomain.xy-lab.ch Redirect-URI in URL: https://subdomain.subdomain.xy-lab.ch/ (https://lernoase-auth.subdomain.xy-lab.ch/realms/Lernnomaden/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fsubdomain.subdomain.xy-lab.ch)

I have tested all possible combinations of the URL in Keycloak. With and without HTTPS, "" "/" & "/*", etc. What could be the reason?

My Keycloak-Config for ln-frontend looks like this:

Angular I used keycloak-angular and is configured as follows:

// enviroment.json
const keycloakConfig: KeycloakConfig = {
  url: 'https://lernoase-auth.subdomain.xy-lab.ch/',
  realm: 'Lernnomaden',
  clientId: 'ln-frontend',
};

// keycloak-initializer.js
export function initializer(keycloak: KeycloakService): () => Promise<boolean> {
  const options: KeycloakOptions = {
    config: environment.keycloak,
    loadUserProfileAtStartUp: true,
    initOptions: {
      onLoad: 'check-sso',
      silentCheckSsoRedirectUri: window.location.origin + '/assets/silent-check-sso.html',
    },
  };

  return () => keycloak.init(options);
}

Answer 1

Depending on which keycloak version you are using, problems can arise if you enter the same redirect url in different formats.

you can try the following:

delete all valid redirect urls and set just one entry:

https://subdomain.subdomain.xy-lab.ch (I think it was for Keycloak >12)

https://subdomain.subdomain.xy-lab.ch/* (Keycloak < 12)

Otherwise, you can try to set the wildcard: * as redirect url to test if it is a configuration problem in your keycloak client. But please dont use the wildcard in production!