I have created an issue for this problem, with a patch which adds extra functionality for
an OpenID Identity Provider. (Maybe it is even better to add this functionality in the
OAuth2Provider, but in my case, it was only relevant for OpenID). The patch adds an option
in the OpenID Identity Provider which allows specifying if you want to send your client_id
and client_secret as POST parameters or as an Authorization Header.
https://issues.jboss.org/browse/KEYCLOAK-6761
Regards,
Ulrich Merckx
On 23 Feb 2018, at 14:20, Merckx, Ulrich
<ulrich.merckx@vlaanderen.be> wrote:
Hi,
We are having an issue while connecting from keycloak to a certain OpenId Identity
Provider.
The OpenId Provider only supports logging in with Basic Authentication (client_id and
client_secret), as specified in
"token_endpoint_auth_methods_supported": [
"client_secret_basic"
]
Currently keycloak only supports 'posting' the client_id and client_secret. This
will not work with the OpenID Identity Provider.
Or maybe I don’t see how to configure it.
Code:
https://github.com/keycloak/keycloak/blob/63efee6e158c4a06d4948819cb36ccf...
Can you confirm connecting to an OpenId Identity Provider with Basic Authentication is not
implemented in keycloak?
If this is not implemented I will make a JIRA issue.
The OAuth RFC also states that it is recommended to use Basic Authentication over Posting.
(see:
https://tools.ietf.org/html/rfc6749#section-2.3.1).
Kind regards,
Ulrich Merckx
Developer
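
Added example, not part of the original thread and not Keycloak's code: a sketch of how a relying party can pick the token endpoint client authentication method from the provider's discovery metadata and build the authorization-code token request either way, following RFC 6749 section 2.3.1. The function names, client credentials, code and redirect URI are constructed for illustration.

```python
import base64
from urllib.parse import quote_plus, urlencode


def choose_auth_method(metadata):
    """Pick a client authentication method the provider advertises."""
    # OpenID Connect Discovery: when the field is omitted, the default
    # is client_secret_basic.
    supported = metadata.get("token_endpoint_auth_methods_supported",
                             ["client_secret_basic"])
    # Prefer the Authorization header, which RFC 6749 section 2.3.1
    # requires servers to support; body parameters are the fallback.
    for method in ("client_secret_basic", "client_secret_post"):
        if method in supported:
            return method
    raise ValueError("no supported client authentication method: %r" % supported)


def build_token_request(method, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for an authorization_code token request."""
    form = {"grant_type": "authorization_code",
            "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode id and secret separately,
        # join with ':', then Base64 the pair. Encoding first keeps a ':'
        # inside the secret from being read as the separator.
        pair = "%s:%s" % (quote_plus(client_id), quote_plus(client_secret))
        token = base64.b64encode(pair.encode("utf-8")).decode("ascii")
        headers["Authorization"] = "Basic " + token
    elif method == "client_secret_post":
        # Credentials travel in the request body instead of a header.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError("unsupported method: " + method)
    return headers, urlencode(form)


if __name__ == "__main__":
    # Constructed metadata matching the provider described in the thread.
    meta = {"token_endpoint_auth_methods_supported": ["client_secret_basic"]}
    hdrs, body = build_token_request(choose_auth_method(meta), "kc-broker",
                                     "s3cr:t/+ x", "abc123",
                                     "https://rp.example/callback")
    print(hdrs)
    print(body)
```

With client_secret_basic the secret appears only in the Authorization header, so it stays out of anything that records request bodies; with client_secret_post it is part of the form body.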