As far as I see in the code, the Java Adapters always use the standard
flow, i.e. response_type=code.
Please tell me this observation is wrong and there is an undocumented
setting I just didn't see that I can use to tell the adapter to use the
implicit flow instead :|
If this is really missing, where would you suggest this should be
configured? I'd expect the setting to be in KeycloakDeployment and
OAuthRequestAuthenticator#loginRedirect would then use the value instead
of always using the "code" value.
Kind regards,
------------------------------------------------------------------------
*Christian Beikov*
On 18.04.2018 at 17:35, Christian Beikov wrote:
Is there any way to avoid the access code to access token exchange?
Since the Keycloak server is not accessible, I'm getting an error
during authentication:
ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-54) failed to turn code into token: java.net.UnknownHostException: blabla.local: unknown error
...
    at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:111)
    at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:330)
    at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:275)
    at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:139)
    at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
    at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
...
Kind regards,
------------------------------------------------------------------------
*Christian Beikov*
On 18.04.2018 at 14:48, Thomas Darimont wrote:
> Hello Christian,
>
> your application server needs to communicate with the Keycloak server
> to retrieve the realm public key referenced in the token to verify
> the token signature.
> The current implementation in Keycloak fetches & caches unknown
> public keys automatically.
>
> You could also use a fixed realm public key on the application server
> side but it would not support key rotation anymore.
>
> Cheers,
> Thomas
>
> 2018-04-18 13:45 GMT+02:00 Christian Beikov <christian.beikov(a)gmail.com>:
>
> Hi,
>
> is it necessary that an application secured by Keycloak can access the
> Keycloak server? Or is it enough if the browser can access the Keycloak
> server?
>
> --
>
> Kind regards,
> ------------------------------------------------------------------------
> *Christian Beikov*