Re: [keycloak-user] Authorization code flow without a browser

As I understand it, using the authorization code flow rather than the implicit flow is recommended where possible. We have a server-side client application, but the user agents making requests are not browsers, but instead our own code. I'm not entirely sure how to make the authorization code flow work without a browser. For instance, if on the command line I request curl 'http://host:port /auth/realms/foo/protocol/openid-connect/auth?response_type=code&client_id=test-client&state=state&redirect_uri= http://www.example.com/hello-world' Then (assuming the parameters are correct) I get back an HTML login page with a form. In order to submit the credentials, I would need to dig the URL out of the action of the form and then submit a request like curl -X POST -d 'username=test-user' -d 'password=test1234' 'http://host:port /auth/realms/foo/login-actions/authenticate?code=Ctr79aRsbwPPkC4nEeT2vR9-TuC31uuXngQXoHQH6FE.ef26cfcd-a35b-4d1e-a4f7-49790f6e2f00&execution=a86f56da-9900-4f1d-a461-f18617a2333b' Three questions: 1. Is there some reason I shouldn't be trying to implement the authorization code flow like this? 2. Is there a way to get the proper login action back without having to dig it out of an HTML form? I've tried adding --header "Accept: application/json" to the command but this has no effect. 3. Is there a way of submitting credentials other than by using form parameters? I've tried HTTP basic auth but it doesn't work for me. -- Aikeaguinea aikeaguinea(a)xsmail.com -- http://www.fastmail.com - Same, same, but different... _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user