8:07 p.m.
I have wasted so much time deploying Keycloak to only learn in the end that
it doesn't support Google offline access and thus cannot retrieve Google
refresh tokens. I am not alone, there are many messages in both the
Keycloak user and dev mailing lists discussing the lack of offline access
for Google IDP on Keycloak.
When this comes up in the user mailing list the messages are generally not
responded to. Which makes sense since there is not a working solution to
receive Google refresh tokens using Keycloak's Google IDP solution. It is
broken and thus the users cannot provide a solution.
When this comes up in this (the dev) mailing list, it is again ignored or
it is debated but end up with the same sentiment, that offline access /
refresh tokens from Google IDP is not a worthwhile feature. I found many
messages in the dev mailing list, spanning from 4 years ago to current
identifying this issue and yet it remains unfixed. All it would take is to
add "access_type=offline" to the Google auth URL and yet still it is
broken, they just don't care enough to do even that simple task. They
think that it is silly that anyone would need a Google refresh token.
I found the code segment that related to Google offline access in Keycloak
and there was a comment that identified an email address of the person who
wrote that section of code. It was a Red Hat email, from regular user on
this mailing list. I reached out to him and his response was that he had
no time to respond to my query and that Red Hat does not support Keycloak.
Maybe don't put your email into code you don't want to get queries on? So,
if Red Hat is not supporting their own project, in any regard, and the devs
have no intention of fixing this bug the assumption is that Google IDP will
never be fixed.
If you landed on this message, now or in the future, in hopes of finding a
solution to get Google refresh tokens from Keycloak IDP all I can do is try
to save you some time and say that Google IDP on Keycloak is currently
broken in that regards and if the past is any indication the devs have no
intention of fixing the code to allow that access.
If any devs on this list disagree with this message then please let me know
what I have missed and point me in the direction of a solution for this
issue....... I didn't think so.
:(
5:46 p.m.
Hello Nick,
"All it would take is to add "access_type=offline" to the Google auth URL
and yet still it is broken, they just don't care enough to do even that
simple task."
isn't this already implemented?
See:
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...
What's missing?
Cheers,
Thomas
On Thu, 25 Jul 2019 at 21:40, Nick Powers <sshscp(a)gmail.com> wrote:
I have wasted so much time deploying Keycloak to only learn in the
end that
it doesn't support Google offline access and thus cannot retrieve Google
refresh tokens. I am not alone, there are many messages in both the
Keycloak user and dev mailing lists discussing the lack of offline access
for Google IDP on Keycloak.
When this comes up in the user mailing list the messages are generally not
responded to. Which makes sense since there is not a working solution to
receive Google refresh tokens using Keycloak's Google IDP solution. It is
broken and thus the users cannot provide a solution.
When this comes up in this (the dev) mailing list, it is again ignored or
it is debated but end up with the same sentiment, that offline access /
refresh tokens from Google IDP is not a worthwhile feature. I found many
messages in the dev mailing list, spanning from 4 years ago to current
identifying this issue and yet it remains unfixed. All it would take is to
add "access_type=offline" to the Google auth URL and yet still it is
broken, they just don't care enough to do even that simple task. They
think that it is silly that anyone would need a Google refresh token.
I found the code segment that related to Google offline access in Keycloak
and there was a comment that identified an email address of the person who
wrote that section of code. It was a Red Hat email, from regular user on
this mailing list. I reached out to him and his response was that he had
no time to respond to my query and that Red Hat does not support Keycloak.
Maybe don't put your email into code you don't want to get queries on? So,
if Red Hat is not supporting their own project, in any regard, and the devs
have no intention of fixing this bug the assumption is that Google IDP will
never be fixed.
If you landed on this message, now or in the future, in hopes of finding a
solution to get Google refresh tokens from Keycloak IDP all I can do is try
to save you some time and say that Google IDP on Keycloak is currently
broken in that regards and if the past is any indication the devs have no
intention of fixing the code to allow that access.
If any devs on this list disagree with this message then please let me know
what I have missed and point me in the direction of a solution for this
issue....... I didn't think so.
:(
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
6:37 p.m.
Yes, I received a response to a message in the user mailing list that
identified where I needed to enable it. Please ignore my original email on
this as I was able to enable this by turning on Request refresh token in
the IDP configuration in the Keycloak GUI. This is currently an
undocumented feature. Hopefully it will make it into the documentation
soon.
I apologize for the harshness of my original email, I was just at my wits
end. I would have responded to this sooner but I don't know how I can
respond to my own messages in this mailing list, since I do not receive me
own message in my inbox.
Thanks,
Nick
On Fri, Jul 26, 2019 at 9:47 AM Thomas Darimont <
thomas.darimont(a)googlemail.com> wrote:
Hello Nick,
"All it would take is to add "access_type=offline" to the Google auth URL
and yet still it is broken, they just don't care enough to do even that
simple task."
isn't this already implemented?
See:
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...
What's missing?
Cheers,
Thomas
On Thu, 25 Jul 2019 at 21:40, Nick Powers <sshscp(a)gmail.com> wrote:
> I have wasted so much time deploying Keycloak to only learn in the end
> that
> it doesn't support Google offline access and thus cannot retrieve Google
> refresh tokens. I am not alone, there are many messages in both the
> Keycloak user and dev mailing lists discussing the lack of offline access
> for Google IDP on Keycloak.
>
> When this comes up in the user mailing list the messages are generally not
> responded to. Which makes sense since there is not a working solution to
> receive Google refresh tokens using Keycloak's Google IDP solution. It is
> broken and thus the users cannot provide a solution.
>
> When this comes up in this (the dev) mailing list, it is again ignored or
> it is debated but end up with the same sentiment, that offline access /
> refresh tokens from Google IDP is not a worthwhile feature. I found many
> messages in the dev mailing list, spanning from 4 years ago to current
> identifying this issue and yet it remains unfixed. All it would take is
> to
> add "access_type=offline" to the Google auth URL and yet still it is
> broken, they just don't care enough to do even that simple task. They
> think that it is silly that anyone would need a Google refresh token.
>
> I found the code segment that related to Google offline access in Keycloak
> and there was a comment that identified an email address of the person who
> wrote that section of code. It was a Red Hat email, from regular user on
> this mailing list. I reached out to him and his response was that he had
> no time to respond to my query and that Red Hat does not support Keycloak.
> Maybe don't put your email into code you don't want to get queries on? So,
> if Red Hat is not supporting their own project, in any regard, and the
> devs
> have no intention of fixing this bug the assumption is that Google IDP
> will
> never be fixed.
>
> If you landed on this message, now or in the future, in hopes of finding a
> solution to get Google refresh tokens from Keycloak IDP all I can do is
> try
> to save you some time and say that Google IDP on Keycloak is currently
> broken in that regards and if the past is any indication the devs have no
> intention of fixing the code to allow that access.
>
> If any devs on this list disagree with this message then please let me
> know
> what I have missed and point me in the direction of a solution for this
> issue....... I didn't think so.
>
> :(
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
8:47 p.m.
guys, let me comment that this is open source :) so something is not there?
work on it!
this is not a product you pay for, who is working paid by a company on it,
it's doing it inline with the corporate strategy, which may means that if a
feature
is not a priority for their company, despite they understand its
importance, they may not give it priority.
take care,
federico
On Fri, 26 Jul 2019 at 19:21, Nick Powers <sshscp(a)gmail.com> wrote:
Yes, I received a response to a message in the user mailing list
that
identified where I needed to enable it. Please ignore my original email on
this as I was able to enable this by turning on Request refresh token in
the IDP configuration in the Keycloak GUI. This is currently an
undocumented feature. Hopefully it will make it into the documentation
soon.
I apologize for the harshness of my original email, I was just at my wits
end. I would have responded to this sooner but I don't know how I can
respond to my own messages in this mailing list, since I do not receive me
own message in my inbox.
Thanks,
Nick
On Fri, Jul 26, 2019 at 9:47 AM Thomas Darimont <
thomas.darimont(a)googlemail.com> wrote:
> Hello Nick,
>
> "All it would take is to add "access_type=offline" to the Google auth
URL
> and yet still it is broken, they just don't care enough to do even that
> simple task."
>
> isn't this already implemented?
> See:
>
>
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...
>
>
> What's missing?
>
> Cheers,
> Thomas
>
> On Thu, 25 Jul 2019 at 21:40, Nick Powers <sshscp(a)gmail.com> wrote:
>
>> I have wasted so much time deploying Keycloak to only learn in the end
>> that
>> it doesn't support Google offline access and thus cannot retrieve Google
>> refresh tokens. I am not alone, there are many messages in both the
>> Keycloak user and dev mailing lists discussing the lack of offline
access
>> for Google IDP on Keycloak.
>>
>> When this comes up in the user mailing list the messages are generally
not
>> responded to. Which makes sense since there is not a working solution
to
>> receive Google refresh tokens using Keycloak's Google IDP solution. It
is
>> broken and thus the users cannot provide a solution.
>>
>> When this comes up in this (the dev) mailing list, it is again ignored
or
>> it is debated but end up with the same sentiment, that offline access /
>> refresh tokens from Google IDP is not a worthwhile feature. I found
many
>> messages in the dev mailing list, spanning from 4 years ago to current
>> identifying this issue and yet it remains unfixed. All it would take is
>> to
>> add "access_type=offline" to the Google auth URL and yet still it is
>> broken, they just don't care enough to do even that simple task. They
>> think that it is silly that anyone would need a Google refresh token.
>>
>> I found the code segment that related to Google offline access in
Keycloak
>> and there was a comment that identified an email address of the person
who
>> wrote that section of code. It was a Red Hat email, from regular user
on
>> this mailing list. I reached out to him and his response was that he
had
>> no time to respond to my query and that Red Hat does not support
Keycloak.
>> Maybe don't put your email into code you don't want to get queries on?
So,
>> if Red Hat is not supporting their own project, in any regard, and the
>> devs
>> have no intention of fixing this bug the assumption is that Google IDP
>> will
>> never be fixed.
>>
>> If you landed on this message, now or in the future, in hopes of
finding a
>> solution to get Google refresh tokens from Keycloak IDP all I can do is
>> try
>> to save you some time and say that Google IDP on Keycloak is currently
>> broken in that regards and if the past is any indication the devs have
no
>> intention of fixing the code to allow that access.
>>
>> If any devs on this list disagree with this message then please let me
>> know
>> what I have missed and point me in the direction of a solution for this
>> issue....... I didn't think so.
>>
>> :(
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
*Dr. FEDERICO MICHELE FACCA*
*CTO, Head of Martel Lab*
+41 788075838
*MARTEL INNOVATE* <https://www.martel-innovate.com/> - INNOVATION, WE MAKE
IT HAPPEN
Click *HERE* to download Martel reports and white papers!
<https://www.martel-innovate.com/premium-content/>
Follow us on *TWITTER* <https://twitter.com/Martel_Innovate>
1729
days inactive
1730
days old
3 comments
3 participants
participants (3)
-
Federico Michele Facca -
Nick Powers -
Thomas Darimont