[keycloak-user] Missing Basic Authentication functionality for connecting to an OpenId Identity Provider
Merckx, Ulrich
ulrich.merckx at vlaanderen.be
Mon Mar 12 03:28:32 EDT 2018
I have created an issue for this problem, with a patch which adds extra functionality for an OpenID Identity Provider. (Maybe it is even better to add this functionality in the OAuth2Provider, but in my case, it was only relevant for OpenID). The patch adds an option in the OpenID Identity Provider which allows specifying if you want to send your client_id and client_secret as POST parameters or as an Authorization Header.
https://issues.jboss.org/browse/KEYCLOAK-6761
Regards,
Ulrich Merckx
On 23 Feb 2018, at 14:20, Merckx, Ulrich <ulrich.merckx at vlaanderen.be> wrote:
Hi,
We are having an issue while connecting from keycloak to a certain OpenId Identity Provider.
The OpenId Provider only supports logging in with Basic Authentication (client_id and client_secret), as specified in
"token_endpoint_auth_methods_supported": [
    "client_secret_basic"
]
Currently keycloak only supports 'posting' the client_id and client_secret. This will not work with the OpenID Identity Provider.
Or maybe I don’t see how to configure it.
Code: https://github.com/keycloak/keycloak/blob/63efee6e158c4a06d4948819cb36ccf88bcf5e0f/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java#L423
Can you confirm connecting to an OpenId Identity Provider with Basic Authentication is not implemented in keycloak?
If this is not implemented I will make a JIRA issue.
The OAuth RFC also states that it is recommended to use Basic Authentication over Posting. (see: https://tools.ietf.org/html/rfc6749#section-2.3.1).
Kind regards,
Ulrich Merckx
Developer
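
Added example, not part of the original messages and not Keycloak's code: a client reading token_endpoint_auth_methods_supported from the provider's discovery metadata and building the token request with either client_secret_basic (Authorization header, RFC 6749 section 2.3.1) or client_secret_post (body parameters). Function names and sample values are assumptions made for illustration.

```python
import base64
from urllib.parse import quote_plus, urlencode

def choose_auth_method(metadata, preferred=("client_secret_basic", "client_secret_post")):
    """Pick a token endpoint client authentication method the provider advertises."""
    # OpenID Connect Discovery: when the field is omitted, the default is client_secret_basic.
    supported = metadata.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    for method in preferred:
        if method in supported:
            return method
    raise ValueError(f"no common client authentication method in {supported}")

def build_token_request(metadata, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for an authorization_code token request."""
    method = choose_auth_method(metadata)
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    params = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    if method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode the id and the secret first,
        # then send base64("id:secret") in a Basic Authorization header.
        userpass = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(userpass.encode("utf-8")).decode("ascii")
        headers["Authorization"] = "Basic " + token
    else:
        # client_secret_post: the credentials travel in the request body instead.
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    return headers, urlencode(params)

# Constructed sample metadata and credentials, not taken from the thread.
BASIC_ONLY = {"token_endpoint_auth_methods_supported": ["client_secret_basic"]}
POST_ONLY = {"token_endpoint_auth_methods_supported": ["client_secret_post"]}
SAMPLE = ("kc-broker", "s3cr:et/+", "abc123", "https://kc.example/cb")

if __name__ == "__main__":
    for md in (BASIC_ONLY, POST_ONLY):
        hdrs, body = build_token_request(md, *SAMPLE)
        print(hdrs.get("Authorization"), body)
```

With the basic-only metadata the secret never appears in the request body; a secret containing ':' must be percent-encoded before Base64 encoding, otherwise the provider cannot split the id from the secret.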