[keycloak-dev] Support rfc6750 Form-Encoded Body Parameter for access tokens in Keycloak

Hi Keycloak Developers, RFC6750 allows the access token to be submitted as part of a POST request. I found that this is the only good way to do file downloads in a JavaScript frontend. https://tools.ietf.org/html/rfc6750#section-2.1 Excerpt: When sending the access token in the HTTP request entity-body, client adds the access token to the request-body using the "access_token" parameter. [...] Resource servers MAY support this method. I don't remember a thread on this mailing list. The only place I could find in the code was the User Endpoint that does this quite manually. Currently Keycloak only supports the query parameter using QueryParamterTokenRequestAuthenticator. A similar class will be needed to support a Form Parameter. Like the QueryParamterTokenRequestAuthenticator it will be part of the request processing and it will not be configurable. I'd like to open a JIRA issue for this as part of the Java Keycloak Clients to track the efforts and thoughts. Comments welcome! Regards, Alexander -- Alexander Schwartz (alexander.schwartz(a)gmx.net) http://www.ahus1.de