keycloak authorization code flow id_token missing
by lucie lucas
Hi,
I'm a new dev in the field of OpenID Connect. I want to do a test of
the authorization code flow with Keycloak.
So, I'll just clarify what I did:
1. installation of the standalone version (Keycloak) with configuration of
the admin console
2. created a client app as client (protocol openid-connect), selected
standard flow enabled
3. from the browser: I use a URL like:
http://localhost:8080/auth/realms/master/protocol/openid-connect/auth?client_id={client_id}&response_type=code
4. the request redirects to {redirect_uri} with *code* and *sessionstate*
5. with Postman, I filled in the information as below:
POST http://localhost:8080/auth/realms/master/protocol/openid-connect/token
body:
client_id, client_secret, grant_type (authorization_code), scope (openid),
response_type (id_token%20token), redirect_uri, state (copy from 5th step
url), code (copy from 5th step url)
*BUT* there are only an access token and a refresh token in the response;
there is no id_token, which I was waiting for.
Could you tell me what's wrong? Or does Keycloak support only access tokens? (I
don't think so, because when I test the Grant Access Flow, there's an
id_token.)
I looked for this information 2 weeks ago; until now, I have no solution.
Thank you for your feedback
Xiaoning
6 years, 10 months
Keycloak Proxy Request Logging?
by Rory Hart
Is there any way to get the proxy to log requests? Neither the
configuration nor the launcher appear to accept log level settings.
Thanks
6 years, 10 months
Keycloak role mapper & group mapper
by valsaraj pv
Hi,
What is the difference between role mapper & group mapper? I have a source LDAP
with subtrees groups & people. Application-specific roles are under groups,
and users under the people subtree are members of these groups. So which mapper
can I use to sync with Keycloak?
Thanks!
6 years, 10 months
Share resource by checking if some other user is in a certain group
by Or Harary
Hello,
After some time of using keycloak which works great for most of my demands,
I wanted to know if it's possible to create a permission with a policy that
will tell me if some user (not the one which is logged in) is within a
certain group.
For example:
User 1 has a digital wallet.
This digital wallet has a resource:
name: /wallet/{wallet-id}
uri: /{user-1-id}/wallet/{wallet-id}
scopes: charge/read/...
User 2 has a company which is represented as a group.
User 2 wants to charge user 1's digital wallet, but I want him to only be able
to do so when user 1 is inside user 2's company's group.
How can I check this with a policy?
Or somehow share user 1 resource with user 2 by a policy?
Thanks!
6 years, 10 months
Admin-Cli Automate the realm/client creation
by Subodh Joshi
Hi
Is it possible to log in through admin-cli without passing client and
client-secret?
Right now I am trying like this:
./kcadm.sh config credentials --server https://<IP ADDRESS>:8666/auth
--realm master --user admin --password admin --client admin-cli --secret
8260c084-dd0a-4ed3-8a56-33186eab5d9d
But after installation of Keycloak I want to run the admin-cli to create a
new realm/usergroup/client, so I don't want to go to the UI, check the secret and
then fire the above command to log in through admin-cli.
Is there any way to get the default client admin-cli secret without going
to the UI?
--
Subodh Chandra Joshi
subodh1_joshi82(a)yahoo.co.in
http://www.trendsinnews.com
6 years, 10 months
iOS app with Keycloak for authentication
by neza-dj
Hi everyone!
I'm new to the list as I just started to use Keycloak at a project of mine.
It's an iOS app where I want to enable login via Keycloak Server but I need
it in the native flow of my app (no WebViews, Safari,
SFSafariViewControllers etc.). Therefore I'm trying to make it work with
Resource Owner Password Credentials Grant (or Direct Access Grant in
Keycloak). I know this is not the best practice for OAuth2 but this is how
I'm required to do it. Right now I'm working with this library
https://github.com/p2/OAuth2 that has the
functionality of login, but I also need a registration option for new users,
so I'm wondering if anyone has done that and how I should go about doing it
- do I write my own HTTPS requests to Keycloak or how should I do it?
Thank you in advance for any help, I am a newbie to all this so any advice
would be appreciated.
Neza
6 years, 10 months
WebLogic and KeycloakOIDCFilter
by Thomas Isaksen
Does anyone have a working example of this setup on WebLogic? I am still having problems with the infinite loop after authentication. I don't know if my Client config might be wrong.
./t
6 years, 10 months
Keycloak user federation issue with email constraint
by valsaraj pv
Hi,
I am checking Keycloak user federation with an OpenLDAP source. It worked
fine & synced users, but some users are not synced as they have the same email
id as already synced users.
I see this constraint in Keycloak postgresql user_entity table:
CONSTRAINT uk_dykn684sl8up1crfei6eckhd7 UNIQUE (realm_id, email_constraint)
But we need only uid (userName in Keycloak) unique. Is there any way to
configure that email can be duplicated?
6 years, 10 months
Is this possible to hard code the client id through Admin-CLI?
by Subodh Joshi
Hi, I want to create a hard-coded client id at the time of client
creation through admin-cli. Is this possible? At the time of client
creation, can we give a client-id like we can give a secret?
./kcadm.sh create clients -r MyRealm -s clientId=TEST_1 -s
id=590c3a24-gf46-4ce2-9536-6d2d166d1a8d -s enabled=true -s
clientAuthenticatorType=client-secret -s
secret=d0b8122f-8dfb-46h7-b69a-f5cc4e25d000
6 years, 10 months
Social login - not getting user info
by Anton
Hello
I'm working with Keycloak in a mobile app, and am getting familiar with the
features and capabilities of Keycloak using
https://github.com/TommyJ1994/keyonic-v2.
This project is proving to be very helpful!
The issue that I am running into is: when I log in as a user using
username/password, then I can see the user's details in the app.
However, when I log in using a social identity provider, such as Facebook,
then I do not get the user info in the app.
But, in Keycloak, for both cases the user info is present.
Does anyone know what I am doing wrong?
Thanks
6 years, 10 months