We are integrating Azure AD B2C with Keycloak (version 26) using OIDC as an external identity provider.
Environment / Configuration details:
- Keycloak version: 26
- Azure AD B2C policy: Public client flow (existing application)
- Client type: Public client
- Credentials: We are using the same Azure AD B2C application credentials and configuration that are already working for an existing application
- Integration: Azure AD B2C configured as an OIDC Identity Provider in Keycloak
During user authentication, the login fails and Keycloak logs the following error:
ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider]
Failed to make identity provider oauth callback:
org.keycloak.broker.provider.IdentityBrokerException:
No access_token from server. error='null', error_description='null', error_uri='null'
at org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken
at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse
This is followed by:
type="IDENTITY_PROVIDER_LOGIN_ERROR"
error="identity_provider_login_failure"
It appears that Keycloak is not receiving an access_token from Azure AD B2C after the OAuth callback, even though the same Azure AD B2C app and policy work correctly for another application.
Has anyone faced this issue with Keycloak 26 and Azure AD B2C, especially when using a public client flow?
Could this be related to:
- Required scopes (openid, profile, etc.)
- Response type / response mode
- Authorization Code vs implicit flow handling in Keycloak 26
- Azure AD B2C user flow or app registration settings
Any insights or troubleshooting steps would be greatly appreciated.
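As an added troubleshooting example (not part of the question above, and not Keycloak or Microsoft code): a small Python script that triages a raw token-endpoint response for the condition Keycloak's broker reports, an absent access_token, and decodes the id_token payload for inspection. The client ID, issuer URL and both sample responses are constructed placeholders. The second sample encodes the assumption, taken from Azure AD B2C's documented behaviour, that an access_token is only issued when the request names a resource scope (such as the app's own client ID) in addition to openid; the first sample is the id_token-only shape that a request scoped to just openid and profile can produce.

```python
import base64
import json

# Constructed placeholder values; nothing here was captured from Azure AD B2C or Keycloak.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
ISSUER = "https://contoso.b2clogin.com/tenant-id-placeholder/v2.0/"


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_sample_jwt(claims: dict) -> str:
    """Build a JWT-shaped string with a dummy signature, used only to construct sample responses."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.dummysig"


def decode_unverified_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT for inspection only. The signature is
    not checked here, so the result must not be used to make an authorization decision."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("expected 3 dot-separated JWT segments")
    payload = segments[1] + "=" * (-len(segments[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token_response(body: str) -> dict:
    """Triage a token-endpoint response the way Keycloak's OIDC broker treats it: an
    access_token is mandatory, and its absence is what the 'No access_token from server'
    error reports. Returns a dict of findings."""
    result = {"has_access_token": False, "has_id_token": False, "id_token_claims": None, "problems": []}
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        result["problems"].append("token response body is not JSON")
        return result
    if "error" in data:
        result["problems"].append(
            f"provider returned error={data.get('error')!r} description={data.get('error_description')!r}")
    result["has_access_token"] = "access_token" in data
    result["has_id_token"] = "id_token" in data
    if not result["has_access_token"]:
        result["problems"].append(
            "no access_token in token response; Keycloak's OIDC broker rejects the login at this point")
    if result["has_id_token"]:
        try:
            result["id_token_claims"] = decode_unverified_claims(data["id_token"])
        except ValueError as exc:  # covers malformed base64 and malformed JSON
            result["problems"].append(f"id_token is malformed: {exc}")
    return result


# Sample 1 (constructed): only an id_token came back. This is the response shape that
# produces the error quoted in the question.
ID_TOKEN_ONLY = json.dumps({
    "id_token": make_sample_jwt({"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-placeholder", "exp": 0}),
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "openid profile",
})

# Sample 2 (constructed): the same request with the app's own client ID added as a
# resource scope, so an access_token is issued alongside the id_token.
WITH_ACCESS_TOKEN = json.dumps({
    "access_token": make_sample_jwt({"iss": ISSUER, "aud": CLIENT_ID, "scp": "openid", "exp": 0}),
    "id_token": make_sample_jwt({"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-placeholder", "exp": 0}),
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": f"openid profile {CLIENT_ID}",
})

if __name__ == "__main__":
    for name, body in (("id_token only", ID_TOKEN_ONLY), ("with access_token", WITH_ACCESS_TOKEN)):
        findings = check_token_response(body)
        claims = findings["id_token_claims"] or {}
        print(f"{name}: {findings['problems'] or 'ok'} | iss={claims.get('iss')} aud={claims.get('aud')}")
```

To use this against a live setup, paste the JSON body that the identity provider's token endpoint returned (for example from Keycloak's HTTP client debug logging, or from a manual authorization-code exchange with the same client settings) into `check_token_response`; if it reports a missing access_token while an id_token is present, the requested scopes on the Keycloak identity-provider configuration are the first thing to compare with the working application.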