Hi Pedro,
Ok, thanks for your answer.
Regards,
Florian
From: Pedro Igor Silva <psilva(a)redhat.com>
Date: Wednesday 27 June 2018 at 15:45
To: Florian Bernard <fbernard(a)appstud.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] Keycloak always create user when use exchange_token grant_type
During the exchange of an external token to an internal token, if the user is not federated
it will always be created. You can create an RFE in JIRA describing your requirements in
more detail and we'll see/discuss how we can support that.
Regards.
Pedro Igor
On Wed, Jun 27, 2018 at 3:53 AM, Florian Bernard <fbernard@appstud.com> wrote:
Hello,
We are trying to implement the following use case:
We have a Realm and a Client that allow users to log in with the REST API
/auth/realms/{Realm}/protocol/openid-connect/token (from a mobile application).
Users should be able to log in with a Facebook token by using the same REST API but
with the token-exchange grant_type, only if a Keycloak user already exists and if it's linked
with the Facebook identity provider.
Problem: if a user that does not exist in Keycloak exchanges a Facebook token, it'll be
automatically created by Keycloak and an access_token is returned.
We tried to modify the First Login Flow in the identity provider configuration, but it does not
work.
How can we prevent Keycloak from creating the user and return an error if there is no Keycloak
user linked to the Facebook token?
Thanks in advance,
Florian