[keycloak-user] token_type "bearer" vs "Bearer"

Marek Posolda mposolda at redhat.com
Wed Sep 16 13:08:03 EDT 2015


Funny, the OIDC spec itself also has one place where it uses "bearer". See
the example:
http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse

Feel free to create a JIRA and we can change it to "Bearer". Still, it looks
to me more like a bug in django-oidc, which should ignore case.

Marek

On 16/09/15 18:21, Iván Perdomo wrote:
> Hi,
>
> We're trying to integrate a Python/Django application using the
> following module https://github.com/marcanpilami/django-oidc and
> Keycloak 1.4.0.Final
>
>
> After a successful user login the process fails because of a simple check
> in Python:
>
>      if token.token_type == "Bearer" and method == "GET":
>
> Right now Keycloak is returning `token_type` as "bearer" and not "Bearer"
>
> Reading the OpenID Connect spec in the section "3.1.3.3. Successful
> Token Response"
> (https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse)
>
>> The OAuth 2.0 token_type response parameter value MUST be Bearer, as
>> specified in OAuth 2.0 Bearer Token Usage [RFC6750], unless another
>> Token Type has been negotiated with the Client.
>
> I checked and the code sets token_type manually,
>
> https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java#L472
>
> Can this be considered a bug?
>
> Thanks,
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
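
Added example, not part of the original thread and not code from django-oidc or Keycloak: a client-side check of a token response that compares token_type case-insensitively, as RFC 6749 section 5.1 specifies ("Value is case insensitive"), so both "bearer" and "Bearer" are accepted while other token types are rejected. The function names and sample responses are constructed for illustration.

```python
import json


class TokenResponseError(ValueError):
    """Raised when a token endpoint response is unusable."""


def parse_token_response(body):
    """Validate a JSON token response and return (access_token, scheme).

    Hypothetical helper for illustration. token_type is compared
    case-insensitively (RFC 6749 section 5.1), so "bearer" and "Bearer"
    are both accepted; any other type is rejected rather than silently
    treated as a bearer token.
    """
    try:
        data = json.loads(body)
    except (TypeError, ValueError) as exc:
        raise TokenResponseError("response is not valid JSON") from exc
    if not isinstance(data, dict):
        raise TokenResponseError("response is not a JSON object")
    if "error" in data:
        raise TokenResponseError("error response: %s" % data["error"])
    token = data.get("access_token")
    token_type = data.get("token_type")
    if not isinstance(token, str) or not token:
        raise TokenResponseError("missing access_token")
    if not isinstance(token_type, str):
        raise TokenResponseError("missing token_type")
    if token_type.lower() != "bearer":
        raise TokenResponseError("unsupported token_type: %r" % token_type)
    # Always send the canonical scheme name used in RFC 6750.
    return token, "Bearer"


def authorization_header(body):
    """Build the header for a protected-resource request (RFC 6750)."""
    token, scheme = parse_token_response(body)
    return {"Authorization": "%s %s" % (scheme, token)}


# Constructed sample responses, not captured from a real server.
KEYCLOAK_STYLE = '{"access_token": "abc.def.ghi", "token_type": "bearer"}'
SPEC_STYLE = '{"access_token": "abc.def.ghi", "token_type": "Bearer"}'
MAC_STYLE = '{"access_token": "abc.def.ghi", "token_type": "mac"}'
```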
