[keycloak-user] Admin API permission endpoints for token exchange
James Mitchell
jamesm at suitebox.com
Wed Sep 4 00:25:15 EDT 2019

Can I get a pointer to any admin api endpoints to enable permissions for an
identity provider to perform token exchange, and an endpoint to create the
client policy for the permission?

Firstly, I know this would all go away if I create identity providers and
redirect to Keycloak to handle the whole oauth process... but then I think
that would break all the existing redirect urls I have provided to the
external oauth services, so I'm reluctant to do that. I'd prefer a behind
the scenes migration.

So, my use case is that I have an existing site with server code that
authenticates users with external services then grants access to the site.
I have migrated all the internal users to a Keycloak auth, and now I'm
looking at how to exchange the tokens from the external service for valid
Keycloak tokens.

Following the steps from the documents, I can automate the following steps:
* create an identity provider for the external service, and fill in all the
endpoint and client ids
* lookup the existing user (they are guaranteed to exist) and link them to
the new IDP
* < this is the missing step for automations >
* perform the token exchange, which now works OK with my Google test user

My problem is that I need to enable the permissions, and create the policy
to allow the IDP to do token exchange; and I have not found which API
endpoints will do that.

Can someone point me at the right documents, or a keyword to search for in
the Admin REST API document?

Thanks,
James
----
*James Mitchell*
Developer
e: jamesm at suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ