[keycloak-user] how to set 'scope=offline_access' in keycloak-nodejs-connect during login

Wed Aug 31 08:43:44 EDT 2016

The best thing to do is to fix it, any workaround will just mess with
OIDC certification.

On 2016-08-31, Sebastien Blanc wrote:
> Well yes there is an ugly workaround :) , in your
> node_modules/keycloak-connnect/index.js at line 304 , you can replace
> openid with offline_access
>
> On Wed, Aug 31, 2016 at 12:39 PM, sheishere b <sheishere48 at gmail.com> wrote:
>
> > Is there some workaround ? Is it possible to override the login url &
> > replace "scope=openid" to "scope=offline" ?
> >
> > On Wed, Aug 31, 2016 at 2:39 PM, sheishere b <sheishere48 at gmail.com>
> > wrote:
> >
> >> Ok, thanks.
> >> It would be great if you could create jira & share the information.
> >>
> >> On Wed, Aug 31, 2016 at 2:03 PM, Sebastien Blanc <sblanc at redhat.com>
> >> wrote:
> >>
> >>> I just made some tests and looked at the nodejs adapter code, it doesn't
> >>> look like it supports offline_access since it's hardcoded to "scope=openid"
> >>> ( https://github.com/keycloak/keycloak-nodejs-connect/blob/mas
> >>> ter/index.js#L304 ).
> >>>
> >>> Fix would be quite simple since we have access to the original url query
> >>> parameters through the redirectUrl parameter of the function.
> >>>
> >>> I can create a jira for this.
> >>>
> >>>
> >>>
> >>> On Wed, Aug 31, 2016 at 9:43 AM, Stian Thorgersen <sthorger at redhat.com>
> >>> wrote:
> >>>
> >>>> Do we support offline_access param in Node.js adapter?
> >>>>
> >>>> On 31 August 2016 at 09:11, Marek Posolda <mposolda at redhat.com> wrote:
> >>>>
> >>>>> It depends if keycloak-nodejs adapter has some nice support for
> >>>>> "inject" the custom value of scope parameter into the initial Keycloak
> >>>>> login ( AuthorizationEndpoint ) URL.
> >>>>>
> >>>>> Our java adapter has support for it, as it "forwards" the value of
> >>>>> scope parameter from the secured URL to the Keycloak login URL. For example
> >>>>> if you open "http://localhost:/yourapp/secured?scope=offline_access"
> >>>>> <http://localhost:/yourapp/secured?scope=offline_access>, the adapter
> >>>>> forwards the "scope=offline_access" to the Keycloak. Our keycloak.js
> >>>>> adapter also has support for adding custom scope. However not really sure
> >>>>> about keycloak-nodejs-connect.
> >>>>>
> >>>>> Maybe either someone more familiar with keycloak nodeJS adapter will
> >>>>> reply. Or you can try to dig yourself and eventually create JIRA (or even
> >>>>> better send PR) for adding the missing functionality.
> >>>>>
> >>>>> Marek
> >>>>>
> >>>>>
> >>>>> On 30/08/16 11:51, sheishere b wrote:
> >>>>>
> >>>>> Hello,
> >>>>>
> >>>>> From nodejs, I am trying to integrate with keycloak server.
> >>>>> Have followed the steps mentioned in
> >>>>> <https://github.com/keycloak/keycloak-nodejs-connect>
> >>>>> https://github.com/keycloak/keycloak-nodejs-connect
> >>>>> But I need to use offline access to generate offline token as
> >>>>> mentioned here, https://keycloak.gitbooks.io/s
> >>>>> erver-adminstration-guide/content/v/2.1/topics/sessions/offline.html
> >>>>> How can this be done from nodejs?
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> keycloak-user mailing list
> >>>>> keycloak-user at lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> keycloak-user mailing list
> >>>> keycloak-user at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>
> >>>
> >>>
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>
> >>
> >>
> >

--

abstractj
PGP: 0x84DC9914