[keycloak-user] OAuth Access Token Response in XML

Stian Thorgersen sthorger at redhat.com
Mon Jul 4 13:42:20 EDT 2016


Well.. This is OpenID Connect and the response should be in JSON. You
should tell your user to parse the JSON and not expect XML.

If he really wants XML then maybe he'd be happy with using SAML instead.

I'd recommend against doing something custom, but you can in theory do that
with either the protocol SPI or the REST resource SPI.

On 4 July 2016 at 19:32, Aswini Sarathi <asarathi at vizuri.com> wrote:

> I tried getting a token using the token endpoint with grant type as
> "password" and this is what I got in the response and the content-type was
> set to application/json in the header. My question is what would I need to
> do if I want the below response in XML. I have a user who wants to parse an
> XML response instead and get the access token. Please let me know if I am
> not doing anything correctly.
>
> {
>   "access_token":
> "eyJhbGciOiJSUzI1NiJ9.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.faGKCcK79sLrYRxCdXHo7iaROKDXJjXsUh83PdnbV2DVWJ5HlaA735zhCoM2XJ3Fn4HIg68zjQy4Q__eC8_UcXDi_qcVz3qcHLhKRHX3xZXMWwaSGrIgmcU--0ntH4Ot4qDayolzk4xOdXahMdRQW4u0Cwiwsfi715TipP0IgOK4B4VcsdbBFF5UlQFwUDTkaKiI8kST-XK6elZcbUGjheVo5qU5-_uVZX9c2DBTyPJ2BRn6UEGfpXigqXEoQS6MXWj4aLiI4vIo8cTQ0dfTbontQMsv17wUif-IikHwoYWkI9TFCBo0Knh3l7D2Z6rEZc8UvmQNeGqRaMVvWN0_TA",
>   "expires_in": 300,
>   "refresh_expires_in": 1800,
>   "refresh_token":
> "eyJhbGciOiJSUzI1NiJ9.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.AcgsUMKH6Yczq6RxAxiwgViXRoiS2KuqFYdWOAYDmwL7_esy4E3guX9XR-8tBULiEspCNxCbgJca7t3_4jMxeIdhBq4DDqdecCe0XuU6HRugFD8nGDxHGMmotWarZn3mjj1jZmLCwYptoWgNVAJa6bILQafYFTHjb1Xzy_5j6lzk0waT9NMe0LFtVLFnW5xMqWs2gUMLUuY7XLlmNjarl_-LHsE3yiwWw1WR528JN3ld87tlQhGDv8FNfyK6jQ6VJwJbXgPuzfnVfoCVZOMx7K2fhSOTc8m8FgkCtVtX9noWqQt4DzI5N0LkycB9oIndLwZTQDklmuhaRCPkYOvU5g",
>   "token_type": "bearer",
>   "id_token":
> "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0NDMwYmVhMi0xN2FiLTQ3OTUtODNiMC0wYTVkYTc0YzdlNjIiLCJleHAiOjE0Njc2NTM1MDgsIm5iZiI6MCwiaWF0IjoxNDY3NjUzMjA4LCJpc3MiOiJodHRwOi8vdml6MDIubmV0MzIubmV0OjgwODAvYXV0aC9yZWFsbXMvTmV0MzIiLCJhdWQiOiJWZW5kb3JBUEkiLCJzdWIiOiIxYjhhZWJkNC1iNDU0LTQzYTYtODRlOS05MmQxMjc1NGFmNDUiLCJ0eXAiOiJJRCIsImF6cCI6IlZlbmRvckFQSSIsInNlc3Npb25fc3RhdGUiOiI5Y2E5NjFjOS0xYjg4LTQ3OGUtYjQ5MS01MTVhZmIwNjBlNjUiLCJuYW1lIjoiIiwidmVuZG9ySWQiOjE4OTU1LCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ0cmFkZWFseiJ9.hhCaW_naA6Agx4rYoP3YP_wYqwXG7oq6DIHFup6JRPG2YckZ0ups46tYRwXG-6DPrRRfCdD36YiGA3sggJZllMlBL-SI4XZ5amayi4J_Ktz_1IleOsQRG49DFflIyk9W4ZWMDSqut2ZYTE0Bfm_yc5XZUNKEY7quPQLGg2JdF2kT7Ka80aHQOIQPvC-Q0IkL7-uyT2Swq2sU8RO4OGMJziKY71UWPpn-ht1p5dOL1lKlZoULS-VCPeCupGoOuR9Y9t88N7vbjFDv3dw3zw67BCA9BwwtsGKCJkhopvaJWS4tiRqFsoSF-_O2IzkuoEjAW3LalMe3vusQjzuFOSdOMQ",
>   "not-before-policy": 0,
>   "session_state": "9ca961c9-1b88-478e-b491-515afb060e65"
> }
>
> On Mon, Jul 4, 2016 at 1:11 PM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> Adding list back - please use reply all
>>
>> I'm not following. The response payload is the token, so not sure what it
>> is that you want in XML.
>>
>> On 4 July 2016 at 15:41, <asarathi at vizuri.com> wrote:
>>
>>> Sorry if I wasn't clear earlier. I don't want the token itself to be in
>>> XML. I just want the response payload from the token endpoint to be XML or
>>> JSON based on the Accept header.
>>>
>>>
>>> On Jul 4, 2016, at 3:04 AM, Stian Thorgersen <sthorger at redhat.com>
>>> wrote:
>>>
>>> We only support JWT with OpenID Connect. Can you elaborate on why you
>>> want an XML token?
>>>
>>> You could add a custom REST endpoint or a custom protocol to do this,
>>> but not sure I'd recommend doing it as there's a fair bit of logic that
>>> goes into the token endpoint.
>>>
>>> On 1 July 2016 at 18:39, Aswini Sarathi <asarathi at vizuri.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am trying to find out if there is a way to get the response from the
>>>> token endpoint /realms/{realm-name}/protocol/openid-connect/token in
>>>> XML or JSON format based on the Accept header. If it's not supported out of
>>>> the box, what other options are available to do this? Should I look at
>>>> creating a custom endpoint by implementing the SPI to do the mapping?
>>>>
>>>> Thanks!!
>>>>
>>>
>>>
>>
>
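
Added example (not part of the original thread, and not Keycloak code): a client-side parser for the JSON token response shown in the quoted message, which refuses non-JSON bodies and malformed fields instead of guessing. The function name, the returned keys and the sample body are assumptions made for illustration.

```python
import json
import time


class TokenResponseError(ValueError):
    """The token endpoint response is not a usable OAuth 2.0 success response."""


def _positive_int(value):
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def parse_token_response(content_type, body, now=None):
    """Validate and parse the body returned by the token endpoint."""
    now = time.time() if now is None else now
    # The endpoint answers in JSON; refuse XML, HTML error pages and anything else.
    if content_type.split(";")[0].strip().lower() != "application/json":
        raise TokenResponseError(f"unexpected content type: {content_type!r}")
    try:
        data = json.loads(body)
    except ValueError as exc:
        raise TokenResponseError("body is not valid JSON") from exc
    if not isinstance(data, dict):
        raise TokenResponseError("top-level JSON value must be an object")
    if "error" in data:
        raise TokenResponseError(f"token endpoint returned error: {data['error']}")
    access = data.get("access_token")
    if not isinstance(access, str) or not access:
        raise TokenResponseError("missing access_token")
    # token_type is case-insensitive; the response quoted above uses "bearer".
    if str(data.get("token_type", "")).lower() != "bearer":
        raise TokenResponseError("unsupported token_type")
    # Stricter than RFC 6749 (which only recommends expires_in): this client
    # never caches a token without a known lifetime.
    if not _positive_int(data.get("expires_in")):
        raise TokenResponseError("expires_in must be a positive integer")
    refresh_in = data.get("refresh_expires_in")
    return {
        "access_token": access,
        "refresh_token": data.get("refresh_token"),
        "expires_at": now + data["expires_in"],  # absolute epoch seconds
        "refresh_expires_at": now + refresh_in if _positive_int(refresh_in) else None,
    }


# Constructed sample: field names as in the thread's response, placeholder tokens.
SAMPLE_BODY = json.dumps({"access_token": "aaa.bbb.ccc", "expires_in": 300,
                          "refresh_expires_in": 1800, "refresh_token": "ddd.eee.fff",
                          "token_type": "bearer", "not-before-policy": 0})
```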