Skip to content

[BUG] secured aas-env container from the BaSyx Go secured example fails to start #223

New issue
New issue
Open
#228
Open
[BUG] secured aas-env container from the BaSyx Go secured example fails to start#223
#228
Labels
bugSomething isn't working
@mm-hsh

Description

@mm-hsh
mm-hsh
opened on Mar 18, 2026

Describe the bug
The secured aas-env container from the BaSyx Go secured example fails to start.
The application stops during initialization with an OAuth access token retrieval error:

AccessTokenRetrievalException: Error occurred while retrieving access token
com.nimbusds.oauth2.sdk.TokenErrorResponse

This failure occurs during preconfiguration when the AAS Environment attempts to obtain a Keycloak token using the client‑credentials flow.

To Reproduce
Steps to reproduce the behavior:

  1. Clone the secured example:
    https://github.com/eclipse-basyx/basyx-go-components/tree/main/examples/BaSyxSecuredExample
  2. Run
docker-compose up
  1. Wait for the aas-env container to start
  2. The container terminates with a token retrieval exception during Spring Boot initialization

Log excerpt:

Error creating bean 'preconfigurationLoaderInitializer':
Error occurred while retrieving access token
com.nimbusds.oauth2.sdk.TokenErrorResponse
...
AuthorizedAASEnvironmentPreconfigurationLoader.configureSecurityContext
ClientCredentialAccessTokenProvider.getTokenResponse

Expected behavior
The secured AAS Environment container should:

  • Successfully authenticate with Keycloak
  • Retrieve an OAuth access token
  • Load preconfigured AAS environments
  • Start normally without crashing

BaSyx (please complete the following information):

  • BaSyx Version [e.g. v1.3, v2.0]
  • BaSyx SDK : Go
  • AAS Version : DotAAS V3

Screenshots
If applicable, add screenshots to help explain your problem.

Used Asset Administration files (.aasx/.json/.xml)
No AAS files used.
The error happens before any AAS file is loaded.

BaSyx configuration
Using the official secured example from:
https://github.com/eclipse-basyx/basyx-go-components/tree/main/examples/BaSyxSecuredExample
Possible issues observed:

  • Keycloak client ID/secret mismatch
  • Incorrect token endpoint URL
  • Missing realm import
  • Missing compose environment variables

Additional context

  • Only the secured AAS Environment container fails.
  • The error originates in ClientCredentialAccessTokenProvider, indicating Keycloak authentication is not configured correctly in the example.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    Support Requests

    Status

    To triage

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions