Hi
Custom social provider works like a charm, I created PR #2058 for KC 1.8
branch. I'll provide another PR for master branch later once module
re-org is done.
Vlastimil
On 19.1.2016 13:54, Stian Thorgersen wrote:
According to
https://msdn.microsoft.com/en-us/library/hh243649.aspx#get_access_rest
it should return an access_token. Then there's
https://msdn.microsoft.com/en-us/library/hh243649.aspx#use_access_rest
to get the user info, but you're right it's being included as a query
param (which is stupid btw).
As they are not doing OIDC I guess you'll have to do a social provider
for it.
On 19 January 2016 at 13:36, Vlastimil Elias <velias(a)redhat.com> wrote:
On 19.1.2016 12:54, Stian Thorgersen wrote:
> I wouldn't think it is. OpenID Connect usually is '.../userinfo'.
> As long as '/me' returns json you can use mappers to do whatever
> you'd like though.
But MS Live API /me operation does not accept Bearer Authorization
header, documentation says access token must be sent as GET param,
so it looks like User Info URL will not work as it sends Bearer
header :-(
I tried to use general OIDC connector but I end up with
13:09:25,763 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] Failed to make identity provider oauth callback
org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.
    at org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:269)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:206)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:229)
It is strange, looks like Token URL doesn't return access_token,
it only returns id_token. Response is like
{"id_token":"eyJ0eXAiOiJKV1Qi....","id_token_expires_in":86400}
Any idea what may be wrong? Should this id_token be used instead
of access token? If yes then I can resolve this problem in custom
social provider.
Vlastimil
>
> On 19 January 2016 at 12:22, Vlastimil Elias <velias(a)redhat.com> wrote:
>
>
>
> On 19.1.2016 12:09, Stian Thorgersen wrote:
>>
>>
>> On 19 January 2016 at 12:06, Vlastimil Elias <velias(a)redhat.com> wrote:
>>
>> Hi
>>
>> On 19.1.2016 11:52, Stian Thorgersen wrote:
>>> If you can get it in today or tomorrow (early) we can
>>> add it to 1.8.0.CR2.
>>
>> will try to do this, I will provide PR against branch
>> and another against master
>>
>>> You should also be able to use the generic OpenID
>>> Connect provider.
>>
>> I thought about it, but if I understand it correctly I
>> will not be able to get user's name, surname and email
>> this way, as it is not provided in OAuth 2 and it
>> requires another REST call in common social providers.
>>
>>
>> Do they not have a userinfo endpoint?
>
> They have some REST endpoint at /me path, see doc at
> https://msdn.microsoft.com/en-us/library/hh826534.aspx
> But I'm not sure if it matches some standard or rules so
> generic OpenID Connect provider can use it. What is format
> for UserInfo endpoint to be useful for this provider?
> Keycloak documentation does not provide any useful info about
> requirements for this URL (e.g. link to some specification).
>
> Vlastimil
>
>>
>>
>>
>>
>>>
>>> Adding it yourself would require also adding templates
>>> in admin theme, shouldn't be a big deal as you only
>>> need that one template and the rest you'd inherit from
>>> Keycloak theme.
>>
>> I see
>>
>> Thanks
>>
>>
>>>
>>> On 19 January 2016 at 11:10, Vlastimil Elias
>>> <velias(a)redhat.com> wrote:
>>>
>>> Hi,
>>>
>>> I need Social login provider for Microsoft Live
>>> account. I can implement
>>> it as I did a few other social login providers already.
>>>
>>> Problem is that I need it in Keycloak 1.8. Any
>>> chance to add it to 1.8
>>> if I will be quick enough (PR today or tomorrow)?
>>> It is OAuth2 based
>>> provider so impl should be easy.
>>>
>>> If not in KC 1.8 release, is it possible to add
>>> social provider as
>>> customization to my KC instance only? It is common
>>> provider factory so
>>> it should be possible I hope, but it also requires
>>> some template in
>>> admin theme, so I'm not sure (probably I have to
>>> create my customized
>>> admin theme in this case).
>>>
>>> I definitely prefer to have it in upstream if possible.
>>>
>>> Vlastimil
>>>
>>> --
>>> Vlastimil Elias
>>> Principal Software Engineer
>>> Developer Portal Engineering Team
--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team
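
Added example, not part of the original thread and not Keycloak code: it checks a token-endpoint response for the access_token that was missing above, then builds the profile request both ways the thread contrasts (Bearer header versus access_token query parameter, RFC 6750 sections 2.1 and 2.3). Because a token in the query string ends up in URLs that get logged, it also masks the token before logging. PROFILE_URL and the sample JSON bodies are constructed placeholders.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request

# Placeholder endpoint (assumption); the thread does not give the real /me URL.
PROFILE_URL = "https://provider.example/me"

# Constructed samples shaped like the responses discussed in the thread.
ID_TOKEN_ONLY = '{"id_token": "constructed.jwt.value", "id_token_expires_in": 86400}'
WITH_ACCESS_TOKEN = '{"access_token": "constructed/tok+1", "token_type": "bearer"}'


def extract_access_token(body: str) -> str:
    """Return access_token from a token-endpoint JSON body, or fail loudly."""
    data = json.loads(body)
    token = data.get("access_token") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        keys = sorted(data) if isinstance(data, dict) else []
        # Report key names only, never token values.
        raise ValueError(f"No access_token from server; keys present: {keys}")
    return token


def profile_request(access_token: str, style: str) -> Request:
    """Build the profile request in one of the two RFC 6750 styles."""
    if style == "header":  # section 2.1: Authorization: Bearer <token>
        return Request(PROFILE_URL, headers={"Authorization": f"Bearer {access_token}"})
    if style == "query":   # section 2.3: ?access_token=<token>
        return Request(f"{PROFILE_URL}?{urlencode({'access_token': access_token})}")
    raise ValueError(f"unknown style: {style}")


def redact_url(url: str) -> str:
    """Mask access_token so the URL is safe to write to logs."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "access_token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    token = extract_access_token(WITH_ACCESS_TOKEN)
    req = profile_request(token, "query")
    print(redact_url(req.full_url))
    try:
        extract_access_token(ID_TOKEN_ONLY)
    except ValueError as exc:
        print(exc)
```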