[keycloak-user] how to set 'scope=offline_access' in keycloak-nodejs-connect during login
Marek Posolda
mposolda at redhat.com
Wed Aug 31 08:18:59 EDT 2016
Just one small thing to clarify. Maybe you're already aware for it
(Sorry for spaming then ) :-)
The "scope=openid" should be always there per OIDC specification. So if
you want to add "offline_access" or other scope value, the parameter
should be like "scope=openid offline_access" (encoded value is
"openid%20offline_access" ).
Marek
On 31/08/16 12:43, Sebastien Blanc wrote:
> Well yes there is an ugly workaround :) , in your
> node_modules/keycloak-connnect/index.js at line 304 , you can replace
> openid with offline_access
>
> On Wed, Aug 31, 2016 at 12:39 PM, sheishere b <sheishere48 at gmail.com
> <mailto:sheishere48 at gmail.com>> wrote:
>
> Is there some workaround ? Is it possible to override the login
> url & replace "scope=openid" to "scope=offline" ?
>
> On Wed, Aug 31, 2016 at 2:39 PM, sheishere b
> <sheishere48 at gmail.com <mailto:sheishere48 at gmail.com>> wrote:
>
> Ok, thanks.
> It would be great if you could create jira & share the
> information.
>
> On Wed, Aug 31, 2016 at 2:03 PM, Sebastien Blanc
> <sblanc at redhat.com <mailto:sblanc at redhat.com>> wrote:
>
> I just made some tests and looked at the nodejs adapter
> code, it doesn't look like it supports offline_access
> since it's hardcoded to "scope=openid" (
> https://github.com/keycloak/keycloak-nodejs-connect/blob/master/index.js#L304
> <https://github.com/keycloak/keycloak-nodejs-connect/blob/master/index.js#L304>
> ).
>
> Fix would be quite simple since we have access to the
> original url query parameters through the redirectUrl
> parameter of the function.
>
> I can create a jira for this.
>
>
>
> On Wed, Aug 31, 2016 at 9:43 AM, Stian Thorgersen
> <sthorger at redhat.com <mailto:sthorger at redhat.com>> wrote:
>
> Do we support offline_access param in Node.js adapter?
>
> On 31 August 2016 at 09:11, Marek Posolda
> <mposolda at redhat.com <mailto:mposolda at redhat.com>> wrote:
>
> It depends if keycloak-nodejs adapter has some
> nice support for "inject" the custom value of
> scope parameter into the initial Keycloak login (
> AuthorizationEndpoint ) URL.
>
> Our java adapter has support for it, as it
> "forwards" the value of scope parameter from the
> secured URL to the Keycloak login URL. For example
> if you open
> "http://localhost:/yourapp/secured?scope=offline_access"
> <http://localhost:/yourapp/secured?scope=offline_access>,
> the adapter forwards the "scope=offline_access" to
> the Keycloak. Our keycloak.js adapter also has
> support for adding custom scope. However not
> really sure about keycloak-nodejs-connect.
>
> Maybe either someone more familiar with keycloak
> nodeJS adapter will reply. Or you can try to dig
> yourself and eventually create JIRA (or even
> better send PR) for adding the missing functionality.
>
> Marek
>
>
> On 30/08/16 11:51, sheishere b wrote:
>> Hello,
>>
>> From nodejs, I am trying to integrate with
>> keycloak server.
>> Have followed the steps mentioned in
>> https://github.com/keycloak/keycloak-nodejs-connect
>> <https://github.com/keycloak/keycloak-nodejs-connect>
>>
>> But I need to use offline access to generate
>> offline token as mentioned here,
>> https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.1/topics/sessions/offline.html
>> <https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.1/topics/sessions/offline.html>
>>
>> How can this be done from nodejs?
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> <mailto:keycloak-user at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/mailman/listinfo/keycloak-user>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
> _______________________________________________
> keycloak-user mailing list keycloak-user at lists.jboss.org
> <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160831/72306612/attachment-0001.html
More information about the keycloak-user
mailing list