[keycloak-user] AT as Query Param

Simon Faust simon.faust at gmx.de
Tue Jul 17 15:58:59 EDT 2018


it seems to be fixed in version 4.2.0

For those working on older versions:

Instantiate KeycloakAuthenticationProcessingFilter with an additional 
RequestMatcher that matches requests having an access_token query parameter.

Adapt KeycloakAuthenticationProcessingFilter.successfulAuthentication() 
to handle queryParamToken-request like bearerToken- and basicAuth-requests.

Cheers Simon

Am 17.07.2018 um 11:11 schrieb Simon Faust:

> Hi,
>
> I've a REST Server secured using bearer-only. Now I'm stuck with the
> file download usecase (no token in http header).
>
> According to KEYCLOAK-2650
> <https://issues.jboss.org/browse/KEYCLOAK-2650> it's possible to pass
> Access Token as a Query Parameter (guess its name is "access_token",
> right?). On testing that every request I make gets redirected to
> /sso/login.
>
> Am I missing some configuration? It seems that the Keycloak adapter does
> not try at all to get a token from query param... I'm using
> keycloak-spring-security-adapter 3.2.1
>
> Thanks in advance, Simon
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list