On 19.1.2016 12:54, Stian Thorgersen wrote:
> I wouldn't think it is. OpenID Connect usually is
> '.../userinfo'. As long as '/me' returns json you can use
> mappers to do whatever you'd like though.

But the MS Live API /me operation does not accept a Bearer Authorization
header; the documentation says the access token must be sent as a GET param,
so it looks like the User Info URL will not work, as it sends a Bearer
header :-(

I tried to use the general OIDC connector but I ended up with:

13:09:25,763 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] Failed to make identity provider oauth callback
org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.
    at org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:269)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:206)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:229)

It is strange; it looks like the Token URL doesn't return access_token, it
only returns id_token. The response looks like:

{"id_token":"eyJ0eXAiOiJKV1Qi....","id_token_expires_in":86400}

Any idea what may be wrong? Should this id_token be used instead of the
access token? If yes, then I can resolve this problem in a custom
social provider.

Vlastimil
--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team