<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi<br>
<br>
The custom social provider works like a charm; I created PR #2058 for the KC
1.8 branch. I'll provide another PR for the master branch later, once the
module re-org is done.<br>
<br>
Vlastimil<br>
<br>
<div class="moz-cite-prefix">On 19.1.2016 13:54, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAeH+mGAgBt5w16RSZrzRdvGzf4xBBWptPYhzeTK_FLHHg@mail.gmail.com"
type="cite">
<div dir="ltr">According to <a moz-do-not-send="true"
href="https://msdn.microsoft.com/en-us/library/hh243649.aspx#get_access_rest">https://msdn.microsoft.com/en-us/library/hh243649.aspx#get_access_rest</a>
it should return an access_token. Then there's <a
moz-do-not-send="true"
href="https://msdn.microsoft.com/en-us/library/hh243649.aspx#use_access_rest">https://msdn.microsoft.com/en-us/library/hh243649.aspx#use_access_rest</a>
to get the user info, but you're right it's being included as a
query param (which is stupid btw).</div>
</blockquote>
<br>
:-D<br>
<br>
<blockquote
cite="mid:CAJgngAeH+mGAgBt5w16RSZrzRdvGzf4xBBWptPYhzeTK_FLHHg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>As they are not doing OIDC I guess you'll have to do a
social provider for it.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 19 January 2016 at 13:36, Vlastimil
Elias <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:velias@redhat.com" target="_blank">velias@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class=""> <br>
<br>
<div>On 19.1.2016 12:54, Stian Thorgersen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I wouldn't think it is. OpenID Connect
usually is '.../userinfo'. As long as '/me' returns
json you can use mappers to do whatever you'd like
though.</div>
</blockquote>
<br>
</span> But the MS Live API /me operation does not accept a Bearer
Authorization header; the documentation says the access token must
be sent as a GET param, so it looks like the User Info URL will
not work, as it sends a Bearer header :-(<br>
<br>
<br>
I tried to use the general OIDC connector but I ended up with<br>
13:09:25,763 ERROR
[org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider]
Failed to make identity provider oauth callback<br>
org.keycloak.broker.provider.IdentityBrokerException: No
access_token from server.<br>
at
org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:269)<br>
at
org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:206)<br>
at
org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:229)<br>
<br>
It is strange, looks like Token URL doesn't return
access_token, it only returns id_token. Response is like<br>
{"id_token":"eyJ0eXAiOiJKV1Qi....","id_token_expires_in":86400}<br>
<br>
Any idea what may be wrong? Should this id_token be used
instead of access token? If yes then I can resolve this
problem in custom social provider.<span class="HOEnZb"><font
color="#888888"><br>
<br>
Vlastimil</font></span>
<div>
<div class="h5"><br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">On 19 January 2016 at
12:22, Vlastimil Elias <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:velias@redhat.com"
target="_blank">velias@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span> <br>
<br>
<div>On 19.1.2016 12:09, Stian Thorgersen
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 19
January 2016 at 12:06, Vlastimil
Elias <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:velias@redhat.com"
target="_blank">velias@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000"
bgcolor="#FFFFFF"> Hi<span><br>
<br>
<div>On 19.1.2016 11:52,
Stian Thorgersen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">If you can
get it in today or
tomorrow (early) we can
add it to 1.8.0.CR2.</div>
</blockquote>
<br>
</span> Will try to do this; I
will provide a PR against the
branch and then another
against master<span><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>You should also be
able to use the
generic OpenID Connect
provider.</div>
</div>
</blockquote>
<br>
</span> I thought about it, but
if I understand it correctly I
will not be able to get the user's
name, surname and email this
way, as it is not provided in
OAuth 2 and it requires
another REST call in common
social providers.</div>
</blockquote>
<div><br>
</div>
<div>Do they not have a userinfo
endpoint?</div>
</div>
</div>
</div>
</blockquote>
<br>
</span> They have some REST endpoint at /me
path, see doc at <a moz-do-not-send="true"
href="https://msdn.microsoft.com/en-us/library/hh826534.aspx"
target="_blank">https://msdn.microsoft.com/en-us/library/hh826534.aspx</a><br>
But I'm not sure if it matches some standard
or rules so <span>the generic OpenID Connect
provider can use it. What is the format for the
UserInfo endpoint to be useful for this
provider? Keycloak documentation does not
provide any useful info about requirements
for this URL (e.g. a link to some
specification).<span><font color="#888888"><br>
<br>
Vlastimil<br>
</font></span></span>
<div>
<div><br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000"
bgcolor="#FFFFFF"><span><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Adding it
yourself would
require also adding
templates in admin
theme, shouldn't be
a big deal as you
only need that one
template and the
rest you'd inherit
from Keycloak theme.</div>
</div>
</blockquote>
<br>
</span> I see<br>
<br>
Thanks
<div>
<div><br>
<br>
<blockquote type="cite">
<div
class="gmail_extra"><br>
<div
class="gmail_quote">On
19 January 2016 at
11:10, Vlastimil
Elias <span
dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:velias@redhat.com" target="_blank">velias@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">Hi,<br>
<br>
I need a Social
login provider
for Microsoft
Live account. I
can implement<br>
it as I did a few
other social
login providers
already.<br>
<br>
Problem is that
I need it in
Keycloak 1.8.
Any chance to
add it to 1.8<br>
if I will be
quick enough (PR
today or
tomorrow)? It is
OAuth2 based<br>
provider so impl
should be easy.<br>
<br>
If not in KC 1.8
release, is it
possible to add
social provider
as<br>
customization to
my KC instance
only? It is
common provider
factory so<br>
it should be
possible I hope,
but it also
requires some
template in<br>
admin theme, so
I'm not sure
(probably I have
to create my
customized<br>
admin theme in
this case).<br>
<br>
I definitely
prefer to have
it in upstream
if possible.<br>
<span><font
color="#888888"><br>
Vlastimil<br>
<br>
--<br>
Vlastimil
Elias<br>
Principal
Software
Engineer<br>
Developer
Portal
Engineering
Team<br>
<br>
<br>
<br>
_______________________________________________<br>
keycloak-dev
mailing list<br>
<a
moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer"
target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</font></span></blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team</pre>
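<br>
The thread above contrasts sending the access token in a Bearer Authorization header with sending it as a GET parameter. The following is an added example, not code from Keycloak or from PR #2058: it builds both request styles with the JDK HTTP client and redacts the token from a URL before it is logged, since a token in the query string is otherwise recorded wherever URLs are. The endpoint URL, token value, class name and method names are constructed placeholders.<br>

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public class UserInfoRequestDemo {
    // Matches the access_token query parameter and its value, up to the next separator.
    private static final Pattern TOKEN_PARAM =
            Pattern.compile("(?i)([?&]access_token=)[^&#\\s]*");

    // Bearer usage per RFC 6750 section 2.1: the token travels in a header,
    // so it never becomes part of the request URL.
    static HttpRequest bearerHeader(String endpoint, String token) {
        return HttpRequest.newBuilder(URI.create(endpoint))
                .header("Authorization", "Bearer " + token)
                .GET()
                .build();
    }

    // Query-parameter delivery (RFC 6750 section 2.3), the style the thread
    // says the /me operation requires. The token is URL-encoded first.
    static HttpRequest queryParam(String endpoint, String token) {
        String sep = endpoint.contains("?") ? "&" : "?";
        String param = "access_token=" + URLEncoder.encode(token, StandardCharsets.UTF_8);
        return HttpRequest.newBuilder(URI.create(endpoint + sep + param))
                .GET()
                .build();
    }

    // Replace the token value before the URL reaches a log line or exception message.
    static String redact(String url) {
        return TOKEN_PARAM.matcher(url).replaceAll("$1[REDACTED]");
    }

    public static void main(String[] args) {
        String endpoint = "https://idp.example.test/v1/me"; // placeholder endpoint
        String token = "constructed-sample-token+/=";       // constructed value, not a real token

        HttpRequest viaHeader = bearerHeader(endpoint, token);
        HttpRequest viaQuery = queryParam(endpoint, token);

        System.out.println("header style URL:   " + viaHeader.uri());
        System.out.println("query style URL:    " + viaQuery.uri());
        System.out.println("query style, logged: " + redact(viaQuery.uri().toString()));
    }
}
```

When a provider only accepts the query-parameter style, apply the redaction to every place the request URL can be written out, including error messages built from a failed call.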
</body>
</html>