If you believe it's a bug, please open a detailed JIRA ticket and we will take
a look at it.
On Mon, Sep 18, 2017 at 2:22 PM, Gabriel Lavoie <glavoie(a)gmail.com> wrote:
According to the tests added in
https://github.com/keycloak/keycloak/commit/159b37197335cc56fbb2097086e96fc752da9e40,
when the "access_token" parameter was added, I should be able to reach
a REST endpoint directly using that query parameter. That does look like a
bug with the Spring Security adapter.
2017-09-15 14:17 GMT-04:00 Gabriel Lavoie <glavoie(a)gmail.com>:
> Hi,
> we have one use case where we want to use an access_token URL
> parameter rather than the Authorization: Bearer header, to allow SSO from a
> mobile app to Safari.
>
> In KeycloakAuthenticationProcessingFilter.java
> (https://github.com/keycloak/keycloak/blob/2cadf0a2602065c32140de5c1c7394900ae55a65/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java),
> the authentication flow is
> different when using the query param vs the Authorization header. Any
> reason for this?
>
> - Header: Upon successful authentication, the filter chain is processed to
>   the requested page.
> - Query param: Upon successful authentication, default success handler is
>   called and user is redirected to a target page (/ by default) (first
>   condition of KeycloakAuthenticationProcessingFilter.successfulAuthentication()):
>
>
>     if (!(this.isBearerTokenRequest(request) || this.isBasicAuthRequest(request))) {
>         super.successfulAuthentication(request, response, chain, authResult);
>         return;
>     }
>
> Thanks,
>
> Gabriel
> --
> Gabriel Lavoie
> glavoie(a)gmail.com
>
--
Gabriel Lavoie
glavoie(a)gmail.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user