Skip to main content

Testing & Troubleshooting

Visit https://portal.uaagi-uno.com.
You should be auto-redirected to the Keycloak login page.
Enter credentials and sign in.
You should land on the Dealership Portal with dealership tiles grouped by region:

Dealership Portal after successful login

Click a dealership tile ("Access System").
You should be auto-authenticated on the dealership's Odoo instance (no second login).

Test the logout flow

From a dealership instance, click user menu > Log out.
You should be redirected to the Keycloak logout endpoint.
After logout, you should land on the portal login page (/web/login?direct=1).
Visiting any instance should now require re-authentication.

Common errors

Symptom	Likely cause	Fix
`invalid_request` on login	Access token sent as query param instead of Bearer header	Verify `uaagi_dealership_portal` module is installed — it overrides `_auth_oauth_rpc` to use Bearer headers
`invalid_grant` on code exchange	PKCE mismatch or missing	Check client's Advanced > PKCE is set to `S256`
`Realm does not exist`	Typo in OAuth endpoint URLs	Ensure all URLs use `.../realms/uaagi-dealerships/...`
`Invalid redirect URI`	Callback URL not registered in client	Add `https://<domain>/auth_oauth/signin` to the client's Valid redirect URIs
Post-logout redirect blocked	Portal URL missing from dealership client	Add `https://portal.uaagi-uno.com/` to Valid post logout redirect URIs*
User sees no dealership tiles	Empty `allowed_dealerships` attribute	Check the user's Attributes tab in Keycloak — values must match `keycloak_client_id` in Odoo
User created as portal user in Odoo	Module not overriding user creation	Verify `uaagi_dealership_portal` is installed and `_generate_signup_values` adds `base.group_user`
`AccessDenied` on first OAuth login	`auth_signup.invitation_scope` is not `b2c`	Expected — the module bypasses this via `_auth_oauth_signin` override. If error persists, check module is loaded

Useful Keycloak admin pages

Page	Path	Use
Sessions	Manage > Sessions	View active SSO sessions, force-logout users
Events	Manage > Events	Audit login/logout events, debug auth failures
Client scopes	Manage > Client scopes	Verify `profile`, `email`, `roles` are in default scopes

OpenID endpoint reference

All endpoints for the uaagi-dealerships realm:

Endpoint	URL
Authorization	`https://sso.uaagi-uno.com/realms/uaagi-dealerships/protocol/openid-connect/auth`
Token	`https://sso.uaagi-uno.com/realms/uaagi-dealerships/protocol/openid-connect/token`
UserInfo	`https://sso.uaagi-uno.com/realms/uaagi-dealerships/protocol/openid-connect/userinfo`
Logout	`https://sso.uaagi-uno.com/realms/uaagi-dealerships/protocol/openid-connect/logout`
JWKS	`https://sso.uaagi-uno.com/realms/uaagi-dealerships/protocol/openid-connect/certs`
Well-Known	`https://sso.uaagi-uno.com/realms/uaagi-dealerships/.well-known/openid-configuration`

Test the login flow
Test the logout flow
Common errors
Useful Keycloak admin pages
OpenID endpoint reference