[keycloak-dev] Google ID Broken & Devs do not care

Federico Michele Facca federico.facca at martel-innovate.com
Fri Jul 26 14:47:48 EDT 2019


Guys, let me comment that this is open source :) So something is not there?
Work on it!
This is not a product you pay for; whoever is working on it paid by a company
is doing it in line with the corporate strategy, which may mean that if a
feature is not a priority for their company, despite their understanding its
importance, they may not give it priority.

take care,
federico

On Fri, 26 Jul 2019 at 19:21, Nick Powers <sshscp at gmail.com> wrote:

> Yes,  I received a response to a message in the user mailing list that
> identified where I needed to enable it.  Please ignore my original email on
> this as I was able to enable this by turning on Request refresh token in
> the IDP configuration in the Keycloak GUI.  This is currently an
> undocumented feature.  Hopefully it will make it into the documentation
> soon.
>
> I apologize for the harshness of my original email, I was just at my wits'
> end.  I would have responded to this sooner but I don't know how I can
> respond to my own messages in this mailing list, since I do not receive my
> own message in my inbox.
>
> Thanks,
>
> Nick
>
> On Fri, Jul 26, 2019 at 9:47 AM Thomas Darimont <
> thomas.darimont at googlemail.com> wrote:
>
> > Hello Nick,
> >
> > "All it would take is to add "access_type=offline" to the Google auth URL
> > and yet still it is broken, they just don't care enough to do even that
> > simple task."
> >
> > isn't this already implemented?
> > See:
> >
> > https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java#L106
> >
> > What's missing?
> >
> > Cheers,
> > Thomas
> >
> > On Thu, 25 Jul 2019 at 21:40, Nick Powers <sshscp at gmail.com> wrote:
> >
> >> I have wasted so much time deploying Keycloak to only learn in the end
> >> that it doesn't support Google offline access and thus cannot retrieve
> >> Google refresh tokens.  I am not alone, there are many messages in both
> >> the Keycloak user and dev mailing lists discussing the lack of offline
> >> access for Google IDP on Keycloak.
> >>
> >> When this comes up in the user mailing list the messages are generally
> >> not responded to.  Which makes sense since there is not a working
> >> solution to receive Google refresh tokens using Keycloak's Google IDP
> >> solution.  It is broken and thus the users cannot provide a solution.
> >>
> >> When this comes up in this (the dev) mailing list, it is again ignored
> >> or it is debated but ends up with the same sentiment, that offline
> >> access / refresh tokens from Google IDP is not a worthwhile feature.  I
> >> found many messages in the dev mailing list, spanning from 4 years ago
> >> to current identifying this issue and yet it remains unfixed.  All it
> >> would take is to add "access_type=offline" to the Google auth URL and
> >> yet still it is broken, they just don't care enough to do even that
> >> simple task.  They think that it is silly that anyone would need a
> >> Google refresh token.
> >>
> >> I found the code segment that related to Google offline access in
> >> Keycloak and there was a comment that identified an email address of the
> >> person who wrote that section of code.  It was a Red Hat email, from a
> >> regular user on this mailing list.  I reached out to him and his
> >> response was that he had no time to respond to my query and that Red Hat
> >> does not support Keycloak.  Maybe don't put your email into code you
> >> don't want to get queries on?  So, if Red Hat is not supporting their
> >> own project, in any regard, and the devs have no intention of fixing
> >> this bug the assumption is that Google IDP will never be fixed.
> >>
> >> If you landed on this message, now or in the future, in hopes of finding
> >> a solution to get Google refresh tokens from Keycloak IDP all I can do
> >> is try to save you some time and say that Google IDP on Keycloak is
> >> currently broken in that regard and if the past is any indication the
> >> devs have no intention of fixing the code to allow that access.
> >>
> >> If any devs on this list disagree with this message then please let me
> >> know what I have missed and point me in the direction of a solution for
> >> this issue....... I didn't think so.
> >>
> >> :(
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
> >


-- 
*Dr. FEDERICO MICHELE FACCA*
*CTO, Head of Martel Lab*
+41 788075838
