Hi,
I am working on a desktop application which wants to access various APIs
secured by OAuth2 using Keycloak.
The workflow I am trying to support is that the application will show an
embedded browser widget with the Keycloak login page, and once the user
is logged in, my application will extract the OAuth token and use it.
I don't want my application to have to listen on a local port and use a
redirect URI of http://localhost:port, so the OAuth extension which
allows a redirect URI of urn:ietf:wg:oauth:2.0:oob:auto seems ideal.
The documentation at
https://www.keycloak.org/docs/4.0/securing_apps/
says Keycloak only supports the urn:ietf:wg:oauth:2.0:oob variant, where
the user has to copy/paste the code manually into the app. However,
confusingly the documentation also claims:
"When this redirect uri is used Keycloak displays a page with the code
in the title and in a box on the page."
The code is not in the title (which just says "Success code") - if it
were then it would be easy for my application to extract, and the
behaviour would be equivalent to urn:ietf:wg:oauth:2.0:oob:auto.
Would there be any objection to a bug and patch to:
* Treat urn:ietf:wg:oauth:2.0:oob:auto as an alias for
urn:ietf:wg:oauth:2.0:oob
* Put the code in the page title as well as a box on the page?
Thanks,
David