diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index 00b45ba..70b3ebb 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -679,11 +679,10 @@ public class AccountService {
try {
ClientSessionModel clientSession = auth.getClientSession();
- clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE);
+ ClientSessionCode clientSessionCode = new ClientSessionCode(realm, clientSession);
+ clientSessionCode.setAction(ClientSessionModel.Action.AUTHENTICATE);
clientSession.setRedirectUri(redirectUri);
clientSession.setNote(OpenIDConnect.STATE_PARAM, UUID.randomUUID().toString());
- clientSession.setNote(ClientSessionCode.ACTION_KEY, KeycloakModelUtils.generateCodeSecret());
- ClientSessionCode clientSessionCode = new ClientSessionCode(realm, clientSession);
URI url = UriBuilder.fromUri(this.uriInfo.getBaseUri())
.path(AuthenticationBrokerResource.class)
