it
should return an access_token. Then there's
to
get the user info, but you're right it's being included as a query param
(which is stupid btw).
As they are not doing OIDC I guess you'll have to do a social provider for
it.
On 19 January 2016 at 13:36, Vlastimil Elias <velias(a)redhat.com> wrote:
On 19.1.2016 12:54, Stian Thorgersen wrote:
I wouldn't think it is. OpenID Connect usually is '.../userinfo'. As long
as '/me' returns json you can use mappers to do whatever you'd like though.
But MS Live API /me operation does not accept Bearer Authorization header,
documentation says access token must be sent as GET param, so it looks like
User Info URL will not work as it sends Bearer header :-(
I tried to use general OIDC connector but I end up with
13:09:25,763 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] Failed to make identity provider oauth callback
org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.
    at org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:269)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:206)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:229)
It is strange, looks like Token URL doesn't return access_token, it only
returns id_token. Response is like
{"id_token":"eyJ0eXAiOiJKV1Qi....","id_token_expires_in":86400}
Any idea what may be wrong? Should this id_token be used instead of access
token? If yes then I can resolve this problem in custom social provider.
Vlastimil
On 19 January 2016 at 12:22, Vlastimil Elias <velias(a)redhat.com> wrote:
>
>
> On 19.1.2016 12:09, Stian Thorgersen wrote:
>
>
>
> On 19 January 2016 at 12:06, Vlastimil Elias <velias(a)redhat.com> wrote:
>
>> Hi
>>
>> On 19.1.2016 11:52, Stian Thorgersen wrote:
>>
>> If you can get it in today or tomorrow (early) we can add it to
>> 1.8.0.CR2.
>>
>>
>> will try to do this, I will provide PR against branch and another
>> against master
>>
>> You should also be able to use the generic OpenID Connect provider.
>>
>>
>> I thought about it, but if I understand it correctly I will not be able
>> to get user's name, surname and email this way, as it is not provided in
>> OAuth 2 and it requires another REST call in common social providers.
>>
>
> Do they not have a userinfo endpoint?
>
>
> They have some REST endpoint at /me path, see doc at
> https://msdn.microsoft.com/en-us/library/hh826534.aspx
> But I'm not sure if it matches some standard or rules so generic OpenID
> Connect provider can use it. What is format for UserInfo endpoint to be
> useful for this provider? Keycloak documentation does not provide any useful
> info about requirements for this URL (eg link to some specification).
>
> Vlastimil
>
>
>
>>
>>
>>
>> Adding it yourself would require also adding templates in admin theme,
>> shouldn't be a big deal as you only need that one template and the rest
>> you'd inherit from Keycloak theme.
>>
>>
>> I see
>>
>> Thanks
>>
>>
>>
>> On 19 January 2016 at 11:10, Vlastimil Elias <velias(a)redhat.com> wrote:
>>
>>> Hi,
>>>
>>> I need Social login provider for Microsoft Live account. I can implement
>>> it as I did few other social login providers already.
>>>
>>> Problem is that I need it in Keycloak 1.8. Any chance to add it to 1.8
>>> if I will be quick enough (PR today or tomorrow)? It is OAuth2 based
>>> provider so impl should be easy.
>>>
>>> If not in KC 1.8 release, is it possible to add social provider as
>>> customization to my KC instance only? It is common provider factory so
>>> it should be possible I hope, but it also requires some template in
>>> admin theme, so I'm not sure (probably I have to create my customized
>>> admin theme in this case).
>>>
>>> I definitely prefer to have it in upstream if possible.
>>>
>>> Vlastimil
>>>
>>> --
>>> Vlastimil Elias
>>> Principal Software Engineer
>>> Developer Portal Engineering Team
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>>
>> --
>> Vlastimil Elias
>> Principal Software Engineer
>> Developer Portal Engineering Team
>>
>>
>
> --
> Vlastimil Elias
> Principal Software Engineer
> Developer Portal Engineering Team
>
>
--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team
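
The two sticking points in this thread, as an added example (not code from the thread or from Keycloak): a token response that carries only id_token, and a user-info endpoint that expects the token as a query parameter rather than a Bearer header. The URL https://idp.example.test/me and all function names are assumptions; the access_token parameter name and the Cache-Control: no-store header follow RFC 6750 section 2.3.

```python
import json
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Constructed samples; the id_token-only shape is the one quoted in the thread.
ID_TOKEN_ONLY = '{"id_token":"eyJ0eXAiOiJKV1Qi....","id_token_expires_in":86400}'
USERINFO_URL = "https://idp.example.test/me"  # placeholder, not a real endpoint
SENSITIVE_PARAMS = {"access_token", "id_token"}


class NoAccessToken(Exception):
    """The token endpoint answered without an access_token."""


def parse_token_response(body):
    """Return the access_token, or report which token fields came back instead."""
    data = json.loads(body)
    token = data.get("access_token")
    if token:
        return token
    present = sorted(k for k in data if k.endswith("_token"))
    raise NoAccessToken("no access_token; token fields present: %s" % present)


def build_userinfo_request(url, access_token, style):
    """Return (url, headers) for the user-info call.

    style="bearer": Authorization header (RFC 6750 section 2.1).
    style="query":  access_token URI parameter (RFC 6750 section 2.3).
    """
    if style == "bearer":
        return url, {"Authorization": "Bearer " + access_token}
    if style == "query":
        parts = urlsplit(url)
        query = parse_qsl(parts.query, keep_blank_values=True)
        query.append(("access_token", access_token))
        # no-store asks caches not to keep a response tied to a token-bearing URL
        headers = {"Cache-Control": "no-store"}
        return urlunsplit(parts._replace(query=urlencode(query))), headers
    raise ValueError("unknown style: %r" % style)


def redact_url(url):
    """Mask token-bearing query parameters before a URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))
```

With the query style the token ends up in the request URL, so anything that records URLs (access logs, proxies, error reports) should pass them through a redaction step like redact_url first.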