Thanks for responding Pedro! I will try it with that enabled and see if
that helps. It does look promising! :) I'll update once I have tested it.
Thanks again! :)
Nick
On Thu, Jul 25, 2019 at 3:30 PM Pedro Igor Silva <psilva(a)redhat.com> wrote:
Hi Nick,
Let's try to revert this. We are always trying to do our best to help
people as much as we can.
The documentation [1] does not seem to be updated but there is a "Request
refresh token" switch in the Google Identity Provider that when enabled
makes an offline request (access_type=offline as a query param).
Did you try it out? The related issue is
https://issues.jboss.org/browse/KEYCLOAK-6614.
Please, let me know if you have issues using it. Or maybe you are facing
some other issue that is blocking you to use this functionality.
[1]
https://www.keycloak.org/docs/latest/server_admin/index.html#google
Regards.
Pedro Igor
On Thu, Jul 25, 2019 at 3:35 PM Nick Powers <sshscp(a)gmail.com> wrote:
> I ran into an issue with Google IDP & Keycloak, where offline access
> cannot
> be requested and therefore refresh tokens cannot be received from Google.
>
> I then started researching to see if this problem have been previously
> identified and resolved. Although I did find find many people identifying
> the problem who were looking for an answer in both this mailing list and
> in
> the keycloak dev mailing list, there was no solutions in any of those
> messages. These questions spanned 4 years, and yet Google IDP remains
> broken.
>
> When the question is posed to the user group the messages are either not
> answered at all or don't provide any solutions. In the Keycloak dev
> mailing list it is discussed but in general they are dismissed, along the
> line of "Why would you need to use offline access?" dismissing it as a
> useless feature. This is a difficult answer to swallow if you need to use
> Google offline access with Keycloak. Especially when all it would take is
> to add "access_type=offline" to the Google auth UR. To be absolutely
> clear
> they devs could easily fix this, they just don't want to.
>
> So, if you have found this message, now or in the future, hoping to find a
> way to obtain refresh tokens from Google using Keycloak all I can do is
> try
> and spare you any more time wasted on this pursuit. Keycloak does NOT
> offline access for Google IDP and therefore you cannot receive refresh
> tokens from Google with Keycloak, and chances are that it will NEVER
> support it.
>
> I wish I was wrong but it doesn't appear that way.
>
> Good Luck!
>
> Nick
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>