Re: [keycloak-dev] Allow access_type parameter to be sent to Google Identity Provider

Hello, we're testing Keycloak with Google as a social identity provider and using the token exchange functionality to get access to the IDP access token. I noticed that Google requires the access_type parameter to be set to "offline" in the call to the authorization endpoint to release a refresh token, but there is no easy way to do this in Keycloak; configuring a generic OIDC identity provider allows me to configure access_type as a forwarded parameter, but no such option exists using GoogleIdentityProvider. I have a patch that (a) modifies GoogleIdentityProviderConfig and overrides getForwardedParameters() to add "access_type" to the returned values. Other options I considered include (b) changing the UI to allow to configure the forwareded parameters for GoogleIdentityProvider (since it extends OidcIdentityProvider) or (c) add a boolean configuration option to GoogleIdentityProviderConfig to allow/disallow forwarding the parameter or (d) add a boolean configuration option to GoogleIdentityProviderConfig to set "access_type" to "offline" if checked. Which would be the preferred route? Would a pull request be accepted? Cheers. *Francesco Degrassi* Tech Lead +39 329 4128 422 <+39+329+4128+422> *OptionFactory <http://www.optionfactory.net/>* _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev