Keycloak, not returning access token if update password action selected

Shailesh Narkhede · Mar 1, 2017 · Viewed 10.3k times

I am calling /auth/realms/master/protocol/openid-connect/token to get an access token by sending the content below in the body:

grant_type=password&client_id=example-docker-jaxrs-app&username=user&password=password&client_secret=1d27aedd-11c2-4ed2-97d5-c586e1f9b3cd

But when I set Update Password as a required action for the user from the Keycloak admin console, I get the following error when I try to get a token through the above-mentioned API:

{
    "error": "invalid_grant",
    "error_description": "Account is not fully set up"
}

One more thing: what is the difference between the two settings, Temporary password and the Update Password required action?

Temporary flag here in the user's Credentials tab

Update Password as a required action in the user details tab

Answer

ritesh.garg · Mar 5, 2017

If you mark the password as temporary, a user action to update the password is marked as required.

And until the password has been updated/set by the user, i.e. this action has been completed, you won't be able to get an access token using this user, since the account is not "fully set up" and is in a kind of intermediate state where an action is required to complete the setup.
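One way for a client to tell this intermediate state apart from any other rejected grant, as an added example that is not part of the original question or answer: it classifies the token endpoint's reply, using the error text quoted in the question. The function names, outcome labels and sample replies are assumptions constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Error text quoted in the question above. Matching on it is an assumption of
# this example: error_description is free text and may differ between versions.
SETUP_PENDING = "Account is not fully set up"


def classify_token_response(status, body):
    """Map a token-endpoint reply to an (outcome, detail) pair."""
    try:
        doc = json.loads(body)
    except ValueError:
        return ("unexpected", "non-JSON body, HTTP %d" % status)
    if not isinstance(doc, dict):
        return ("unexpected", "JSON body is not an object, HTTP %d" % status)
    if status == 200 and "access_token" in doc:
        return ("token", doc["access_token"])
    if doc.get("error") == "invalid_grant":
        if doc.get("error_description") == SETUP_PENDING:
            # A required action (e.g. Update Password) is still outstanding.
            return ("required_action_pending", SETUP_PENDING)
        return ("grant_rejected", doc.get("error_description", ""))
    return ("unexpected", str(doc.get("error", "HTTP %d" % status)))


def request_token(base_url, realm, form):
    """POST the password-grant form; return (status, body) even on 4xx."""
    url = "%s/auth/realms/%s/protocol/openid-connect/token" % (
        base_url.rstrip("/"), urllib.parse.quote(realm, safe=""))
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


# Constructed sample replies (not captured from a real server).
SAMPLE_PENDING = (400, '{"error": "invalid_grant", '
                       '"error_description": "Account is not fully set up"}')
SAMPLE_OK = (200, '{"access_token": "constructed.sample.token"}')

if __name__ == "__main__":
    # Print only the outcome label, never the token or the client secret.
    for status, body in (SAMPLE_PENDING, SAMPLE_OK):
        print(classify_token_response(status, body)[0])
```

On `required_action_pending` the client should stop retrying the password grant until the user has completed the update-password action.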