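Version: 7.1-7.15
In short, this error occurs when Elasticsearch cannot exchange the authorization code for an ID token during OAuth2 authentication. It can be caused by incorrect configuration settings, network problems, or an invalid authorization code. To resolve it, make sure the OAuth2 settings are configured correctly, check network connectivity, and verify that the authorization code is valid and has not expired. Also make sure the token endpoint is set correctly and is reachable.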
Log Context
The log "Failed to exchange code for Id Token using Token Endpoint." comes from the class OpenIdConnectAuthenticator.java. We extracted the following from the Elasticsearch source code for those seeking in-depth context:
    for (Map.Entry<String, List<String>> entry : clientSecretJWT.toParameters().entrySet()) {
        // Both client_assertion and client_assertion_type are singleton lists
        params.add(new BasicNameValuePair(entry.getKey(), entry.getValue().get(0)));
    }
} else {
    tokensListener.onFailure(new ElasticsearchSecurityException("Failed to exchange code for Id Token using Token Endpoint." +
        "Expected client authentication method to be one of " + OpenIdConnectRealmSettings.CLIENT_AUTH_METHODS
        + " but was [" + rpConfig.getClientAuthenticationMethod() + "]"));
}
httpPost.setEntity(new UrlEncodedFormEntity(params));
SpecialPermission.check();
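The excerpt above fails when the relying party's client authentication method is not a supported one. The following added example (not Elasticsearch code) builds the token request for each of the three shared-secret methods defined by OpenID Connect Core, so the request the realm should send can be compared with what the OpenID provider expects. The function names, client ID, secret and URLs are constructed for illustration.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import quote_plus, urlencode

# Shared-secret client authentication methods from OpenID Connect Core, section 9.
CLIENT_AUTH_METHODS = ("client_secret_basic", "client_secret_post", "client_secret_jwt")
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def client_secret_jwt(client_id, secret, token_endpoint, now=None):
    """HS256 client assertion (RFC 7523): iss = sub = client_id, aud = token endpoint."""
    now = int(time.time()) if now is None else now
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": uuid.uuid4().hex, "iat": now, "exp": now + 60}
    signing_input = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in ({"alg": "HS256", "typ": "JWT"}, claims))
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def build_token_request(method, client_id, secret, token_endpoint, code, redirect_uri):
    """Return (headers, form_body) for the authorization-code exchange."""
    if method not in CLIENT_AUTH_METHODS:
        # Same condition the excerpt reports: an unsupported method fails before any HTTP call.
        raise ValueError(f"Expected client authentication method to be one of "
                         f"{list(CLIENT_AUTH_METHODS)} but was [{method}]")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    params = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    if method == "client_secret_basic":
        # RFC 6749 2.3.1: id and secret are form-urlencoded first, then Base64-encoded.
        pair = f"{quote_plus(client_id)}:{quote_plus(secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        params.update(client_id=client_id, client_secret=secret)
    else:  # client_secret_jwt: the two parameters the excerpt copies into the form body
        params.update(client_assertion_type=JWT_BEARER,
                      client_assertion=client_secret_jwt(client_id, secret, token_endpoint))
    return headers, urlencode(params)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for m in CLIENT_AUTH_METHODS:
        print(m, build_token_request(m, "es-rp", "s3cret", "https://op.example.test/token",
                                     "constructed-code", "https://kibana.example.test/cb"))
```

A mismatch between the method shown here and the one registered for the client at the OpenID provider is one of the configuration errors that makes the code exchange fail.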





