[keycloak-dev] social/broker errors
Vlastimil Elias
velias at redhat.com
Wed Mar 25 10:43:44 EDT 2015
Same is StackOverflow provider I added on monday, it doesn't work now.
Problem is in AbstractOAuth2IdentityProvider class, where
extractTokenFromResponse() method (which was able to distinguish between
JSON and URL encoded responses) is not used anymore, but direct JSON
parsing is used now. We should return back use of
extractTokenFromResponse()
Vl.
On 25.3.2015 14:57, Stian Thorgersen wrote:
> Had a quick look at it and seems Facebook and GitHub return access token response as form-url-encoded (access_token=<...>&foo=bar).
>
> Another thing I spotted was that I'm pretty sure we're not validating the SSL connection when sending requests to the IdPs. We should drop the SimpleHttp util I created and use something better (Apache or RestEasy) and make sure it's possible to setup a truststore). SimpleHttp was only created as we initially wanted the social lib to be a reusable lightweight lib, but now it's only for KC so there's no point in it and it's pretty crap for many reasons!
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 25 March, 2015 2:52:07 PM
>> Subject: [keycloak-dev] social/broker errors
>>
>> I'll look into all the social/broker errors and test out on all social
>> providers (again) after I finish up some logout work.
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Vlastimil Elias
Principal Software Engineer
jboss.org Development Team
More information about the keycloak-dev
mailing list