Had a quick look at it and seems Facebook and GitHub return access token response as
form-url-encoded (access_token=<...>&foo=bar).
Another thing I spotted was that I'm pretty sure we're not validating the SSL
connection when sending requests to the IdPs. We should drop the SimpleHttp util I created
and use something better (Apache or RestEasy) and make sure it's possible to setup a
truststore). SimpleHttp was only created as we initially wanted the social lib to be a
reusable lightweight lib, but now it's only for KC so there's no point in it and
it's pretty crap for many reasons!
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 25 March, 2015 2:52:07 PM
Subject: [keycloak-dev] social/broker errors
I'll look into all the social/broker errors and test out on all social
providers (again) after I finish up some logout work.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev