[keycloak-user] Keycloak always create user when use exchange_token grant_type
Pedro Igor Silva
psilva at redhat.com
Wed Jun 27 09:45:29 EDT 2018
During the exchange of an external token to an internal token if the user
is not federated it will be always created. You can create a RFE in JIRA
describing your requirements in more details and we'll see/discuss how we
can support that.
Regards.
Pedro Igor
On Wed, Jun 27, 2018 at 3:53 AM, Florian Bernard <fbernard at appstud.com>
wrote:
> Hello,
> We try to implement the following use case :
> We have a Realm and a Client that allow users to login with the rest
> api /auth/realms/{Realm}/protocol/openid-connect/token (from a mobile
> application).
> Users should be able to login with a Facebook token by using the same
> rest api but with token-exchange grant_type only if a keycloak user already
> exists and if it’s linked with Facebook identity provider.
> Problem: if a user that does not exist in Keycloak exchange a Facebook
> token, it’ll be automatically created by keycloak and an access_token is
> return.
> We try to modify First Login Flow in Identity provider configuration,
> but it does not work.
> How we can prevent keycloak to create user and return an error if
> there is no keycloak user linked to the facebook token?
>
> Thanks in advance,
> Florian
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list