[keycloak-user] Fwd: keycloak authorization code flow id_token missing
Jared Blashka
jblashka at redhat.com
Mon Feb 19 10:43:04 EST 2018
It's in the documentation, see
http://www.keycloak.org/docs/latest/upgrading/index.html#id-token-requires-scope-openid
.
You need to include scope=openid in your request if you want the ID token.
Jared
On Sun, Feb 18, 2018 at 1:33 PM, lucie lucas <xiaoning.sunx at gmail.com>
wrote:
> Sorry, I didn't forward for everyone
>
> And another thing: do you think it's a bug of keycloak (version 3.4.3), if
> yes, how could I report this bug ?
> Thanks a lot
>
>
> ---------- Forwarded message ----------
> From: lucie lucas <xiaoning.sunx at gmail.com>
> Date: 2018-02-18 12:15 GMT+01:00
> Subject: Re: [keycloak-user] keycloak authorization code flow id_token
> missing
> To: valsaraj pv <valsarajpv at gmail.com>
>
>
> And another thing: do you think it's a bug of keycloak (version 3.4.3), if
> yes, how could I report this bug ?
> Thanks a lot
> Xiaoning
>
> 2018-02-18 12:09 GMT+01:00 lucie lucas <xiaoning.sunx at gmail.com>:
>
> > Hi,
> > Thank you for your response, but in my case, I can't use implicit or
> > hybrid flow because of security problem. And for information, I want use
> > keycloak just as Identify provider, and I've an authorization server. I
> > don't know if it works, so I want to do tests with postman to be sure.
> >
> > Have you had the similar situation?
> >
> > Thanks in advance
> > Have a nice day
> > Xiaoning
> >
> > 2018-02-18 6:49 GMT+01:00 valsaraj pv <valsarajpv at gmail.com>:
> >
> >> Hi,
> >>
> >> Can you check implicit ir hybrid flow instead of cide flow?
> >>
> >> Thanks!
> >>
> >>
> >> On 18-Feb-2018 3:15 AM, "lucie lucas" <xiaoning.sunx at gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> I'm a new dev for the field of OpenID Connect. I want to do a test about
> >> the authorization code flow with keycloak.
> >>
> >> So, I just clarify what I did
> >>
> >> 1. installation the standalone version (keycloak) with configuration
> >> admin console
> >> 2. create a client app as client (protocole openid-connect), select
> >> standard flow enabled,
> >> 3. from browser: I use url like : http://localhost:8080/auth/
> >> realms/master/protocol/openid-connect/auth?client_id={
> >> client_id}&response_type=code
> >> <http://localhost:8080/auth/realms/master/protocol/openid-c
> >> onnect/auth?client_id=%7Bclient_id%7D&response_type=code>
> >> 4. the request redirect to{redirect_uri} with *code* and
> *sessionstate*
> >> 5. with postman, I filled the information as below:
> >>
> >> POST http://localhost:8080/auth/realms/master/protocol/openid-con
> >> nect/token
> >> body :
> >> client_id, client_secret,grant_type(authorization_code), scope(openid),
> >> response_type(id_token%20token), redirect_uri, state (copy from 5th
> step
> >> url), code (copy from 5th step url)
> >>
> >> *BUT* there are only access token, refresh token in the response, there
> is
> >> no id_token which I waited for.
> >>
> >> Could you tell me what's wrong ? or keycloak support only access token?
> (I
> >> don't think so, because when I test about Grant Access Flow, there's
> >> id_token)
> >>
> >> I looked for this information 2 weeks ago, until now, I've no solution.
> >>
> >> Thank you for your feedbacks
> >>
> >> Xiaoning
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >>
> >>
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list