During the exchange of an external token to an internal token, if the user
is not federated it will always be created. You can create an RFE in JIRA
describing your requirements in more detail and we'll see/discuss how we
can support that.
Regards.
Pedro Igor
On Wed, Jun 27, 2018 at 3:53 AM, Florian Bernard <fbernard(a)appstud.com>
wrote:
Hello,
We try to implement the following use case:
We have a Realm and a Client that allow users to log in with the REST
API /auth/realms/{Realm}/protocol/openid-connect/token (from a mobile
application).
Users should be able to log in with a Facebook token by using the same
REST API but with the token-exchange grant_type, only if a Keycloak user already
exists and if it's linked with the Facebook identity provider.
Problem: if a user that does not exist in Keycloak exchanges a Facebook
token, it'll be automatically created by Keycloak and an access_token is
returned.
We try to modify the First Login Flow in the Identity provider configuration,
but it does not work.
How can we prevent Keycloak from creating the user and return an error if
there is no Keycloak user linked to the Facebook token?
Thanks in advance,
Florian
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user