Why do you think the issuer should be changed to accounts.google.com?
I'm not sure about the keys as our code eats the error. How can I
reproduce this? Meaning how can I set up my google account and such?
Same as regular social provider stuff?
On 5/12/2015 5:37 PM, Thorsten wrote:
I tried to import the basic IDP config for a custom "OpenID
Connect
v1.0" provider from the published Google autoconf URL:
https://accounts.google.com/.well-known/openid-configuration
The URLs are picked up fine but there seem to be two issues:
1.) the "Issuer" is imported as "https://accounts.google.com" when
it
should be "accounts.google.com <
http://accounts.google.com>"
2.) the public validation keys are not imported correctly. The always
produce
12:09:40,416 ERROR
[org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default
task-17) Failed to make identity provider oauth callback:
org.keycloak.broker.provider.IdentityBrokerException: token signature
validation failed
at
org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdentityProvider.java:286)
when authentication is being performed.
Are these bugs or is the published discovery document from Google not
standard compliant?
Thanks
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com