[keycloak-dev] Google ID Broken & Devs do not care

Thomas Darimont thomas.darimont at googlemail.com
Fri Jul 26 11:46:50 EDT 2019


Hello Nick,

"All it would take is to add "access_type=offline" to the Google auth URL
and yet still it is broken, they just don't care enough to do even that
simple task."

Isn't this already implemented?
See:
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java#L106


What's missing?

Cheers,
Thomas

On Thu, 25 Jul 2019 at 21:40, Nick Powers <sshscp at gmail.com> wrote:

> I have wasted so much time deploying Keycloak to only learn in the end that
> it doesn't support Google offline access and thus cannot retrieve Google
> refresh tokens.  I am not alone, there are many messages in both the
> Keycloak user and dev mailing lists discussing the lack of offline access
> for Google IDP on Keycloak.
>
> When this comes up in the user mailing list the messages are generally not
> responded to.  Which makes sense since there is not a working solution to
> receive Google refresh tokens using Keycloak's Google IDP solution.  It is
> broken and thus the users cannot provide a solution.
>
> When this comes up in this (the dev) mailing list, it is again ignored or
> it is debated but ends up with the same sentiment, that offline access /
> refresh tokens from Google IDP is not a worthwhile feature.  I found many
> messages in the dev mailing list, spanning from 4 years ago to current
> identifying this issue and yet it remains unfixed.  All it would take is to
> add "access_type=offline" to the Google auth URL and yet still it is
> broken, they just don't care enough to do even that simple task.  They
> think that it is silly that anyone would need a Google refresh token.
>
> I found the code segment that related to Google offline access in Keycloak
> and there was a comment that identified an email address of the person who
> wrote that section of code.  It was a Red Hat email, from a regular user on
> this mailing list.  I reached out to him and his response was that he had
> no time to respond to my query and that Red Hat does not support Keycloak.
> Maybe don't put your email into code you don't want to get queries on? So,
> if Red Hat is not supporting their own project, in any regard, and the devs
> have no intention of fixing this bug the assumption is that Google IDP will
> never be fixed.
>
> If you landed on this message, now or in the future, in hopes of finding a
> solution to get Google refresh tokens from Keycloak IDP all I can do is try
> to save you some time and say that Google IDP on Keycloak is currently
> broken in that regard and if the past is any indication the devs have no
> intention of fixing the code to allow that access.
>
> If any devs on this list disagree with this message then please let me know
> what I have missed and point me in the direction of a solution for this
> issue....... I didn't think so.
>
> :(

