Hi Sebastien,
I will, when a PR is ready to submit. I must fix this for a new use
case we have.
Gabriel
2017-09-18 9:50 GMT-04:00 Sebastien Blanc <sblanc(a)redhat.com>:
If you believe it's a bug, please open a detailed JIRA ticket, we will take a look at it.
On Mon, Sep 18, 2017 at 2:22 PM, Gabriel Lavoie <glavoie(a)gmail.com> wrote:
> According to the tests added in
> https://github.com/keycloak/keycloak/commit/159b37197335cc56fbb2097086e96fc752da9e40,
> when the "access_token" parameter was added, I should be able to reach
> a REST endpoint directly using that query parameter. That does look like a
> bug with the Spring Security adapter.
>
> 2017-09-15 14:17 GMT-04:00 Gabriel Lavoie <glavoie(a)gmail.com>:
>
> > Hi,
> > we have one use case where we want to use an access_token URL
> > parameter rather than the Authorization: Bearer header, to allow SSO from a
> > mobile app to Safari.
> >
> > In KeycloakAuthenticationProcessingFilter.java
> > (https://github.com/keycloak/keycloak/blob/2cadf0a2602065c32140de5c1c7394900ae55a65/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java),
> > the authentication flow is different when using the query param vs the
> > Authorization header. Any reason for this?
> >
> > - Header: Upon successful authentication, the filter chain is processed to
> >   the requested page.
> > - Query param: Upon successful authentication, default success handler is
> >   called and user is redirected to a target page (/ by default) (first
> >   condition of KeycloakAuthenticationProcessingFilter.successfulAuthentication()):
> >
> >
> > if (!(this.isBearerTokenRequest(request) || this.isBasicAuthRequest(request))) {
> >     super.successfulAuthentication(request, response, chain, authResult);
> >     return;
> > }
> >
> > Thanks,
> >
> > Gabriel
> > --
> > Gabriel Lavoie
> > glavoie(a)gmail.com
> >
>
>
>
> --
> Gabriel Lavoie
> glavoie(a)gmail.com