patch for mod_auth_openidc apache module for keycloak oauth

Monday, 15 May 2017

Dear All,

Just for sharing, have made the apache mod_auth_openidc module works with
keycloak token introspection, just apply the below patch to src/oauth.c
then set the OIDCOAuthIntrospectionEndpointParams
token_type_hint=refresh_token.

--- mod_auth_openidc/src/oauth.c        2017-05-15 16:20:48.698526596 +0800
+++ mod_auth_openidc_keycloak/src/oauth.c       2017-05-15
16:17:06.022631865 +0800
@@ -83,12 +83,19 @@
                        apr_table_addn(params, OIDC_PROTO_CLIENT_ID,
c->oauth.client_id);
                        apr_table_addn(params, OIDC_PROTO_CLIENT_SECRET,
                                        c->oauth.client_secret);
+
                } else {
                        basic_auth = apr_psprintf(r->pool, "%s:%s",
c->oauth.client_id,
                                        c->oauth.client_secret);
                }
+       }else{
+           if ((c->provider.client_id != NULL) &&
(c->provider.client_secret!=NULL)){
+               basic_auth = apr_psprintf(r->pool, "%s:%s",
c->provider.client_id,
+                                        c->provider.client_secret);
        }

+}
+
        /* call the endpoint with the constructed parameter set and return
the resulting response */
        return apr_strnatcmp(c->oauth.introspection_endpoint_method,
                        OIDC_INTROSPECTION_METHOD_GET) == 0 ?


Regards,

Steven

    

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014