[keycloak-user] OAuth Access Token Response in XML
Aswini Sarathi
asarathi at vizuri.com
Mon Jul 4 13:49:02 EDT 2016
Appreciate the response.I wanted a confirmation before telling them. Thank you !
> On Jul 4, 2016, at 1:42 PM, Stian Thorgersen <sthorger at redhat.com> wrote:
>
> Well.. This is OpenID Connect and the response should be in JSON. You should tell your user to parse the JSON and not expect XML.
>
> If he really wants XML then maybe he'd be happy with using SAML instead.
>
> I'd recommend against doing something custom, but you can in theory do that with either the protocol SPI or the rest resource spi.
>
> On 4 July 2016 at 19:32, Aswini Sarathi <asarathi at vizuri.com <mailto:asarathi at vizuri.com>> wrote:
> I tried getting a token using the token endpoint with grant type as "password" and this is what I got in the response and the content-type was set to application/json in the header. My question is what would I need to do if I want the below response in xml. I have a user who wants to parse a XML response instead and get the access token. Please let me know if I am not doing anything correctly.
>
> {
> "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJjZWVjZmNiZS1lODJmLTQ2MWQtODljMi05MGY0NGZiNTcwNTIiLCJleHAiOjE0Njc2NTM1MDgsIm5iZiI6MCwiaWF0IjoxNDY3NjUzMjA4LCJpc3MiOiJodHRwOi8vdml6MDIubmV0MzIubmV0OjgwODAvYXV0aC9yZWFsbXMvTmV0MzIiLCJhdWQiOiJWZW5kb3JBUEkiLCJzdWIiOiIxYjhhZWJkNC1iNDU0LTQzYTYtODRlOS05MmQxMjc1NGFmNDUiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJWZW5kb3JBUEkiLCJzZXNzaW9uX3N0YXRlIjoiOWNhOTYxYzktMWI4OC00NzhlLWI0OTEtNTE1YWZiMDYwZTY1IiwiY2xpZW50X3Nlc3Npb24iOiI1MDgxNGZjMi02NWIwLTQ4YmYtYWY3OS04ZDZmODlhMWFkODciLCJhbGxvd2VkLW9yaWdpbnMiOltdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsidmVuZG9yIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsInZpZXctcHJvZmlsZSJdfX0sIm5hbWUiOiIiLCJ2ZW5kb3JJZCI6MTg5NTUsInByZWZlcnJlZF91c2VybmFtZSI6InRyYWRlYWx6In0.faGKCcK79sLrYRxCdXHo7iaROKDXJjXsUh83PdnbV2DVWJ5HlaA735zhCoM2XJ3Fn4HIg68zjQy4Q__eC8_UcXDi_qcVz3qcHLhKRHX3xZXMWwaSGrIgmcU--0ntH4Ot4qDayolzk4xOdXahMdRQW4u0Cwiwsfi715TipP0IgOK4B4VcsdbBFF5UlQFwUDTkaKiI8kST-XK6elZcbUGjheVo5qU5-_uVZX9c2DBTyPJ2BRn6UEGfpXigqXEoQS6MXWj4aLiI4vIo8cTQ0dfTbontQMsv17wUif-IikHwoYWkI9TFCBo0Knh3l7D2Z6rEZc8UvmQNeGqRaMVvWN0_TA",
> "expires_in": 300,
> "refresh_expires_in": 1800,
> "refresh_token": "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJjNzZlMjcxZS1hNjYxLTQwMjEtOGNiOC0yOWM2MjRmMTE4ZDIiLCJleHAiOjE0Njc2NTUwMDgsIm5iZiI6MCwiaWF0IjoxNDY3NjUzMjA4LCJpc3MiOiJodHRwOi8vdml6MDIubmV0MzIubmV0OjgwODAvYXV0aC9yZWFsbXMvTmV0MzIiLCJhdWQiOiJWZW5kb3JBUEkiLCJzdWIiOiIxYjhhZWJkNC1iNDU0LTQzYTYtODRlOS05MmQxMjc1NGFmNDUiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoiVmVuZG9yQVBJIiwic2Vzc2lvbl9zdGF0ZSI6IjljYTk2MWM5LTFiODgtNDc4ZS1iNDkxLTUxNWFmYjA2MGU2NSIsImNsaWVudF9zZXNzaW9uIjoiNTA4MTRmYzItNjViMC00OGJmLWFmNzktOGQ2Zjg5YTFhZDg3IiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbInZlbmRvciJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.AcgsUMKH6Yczq6RxAxiwgViXRoiS2KuqFYdWOAYDmwL7_esy4E3guX9XR-8tBULiEspCNxCbgJca7t3_4jMxeIdhBq4DDqdecCe0XuU6HRugFD8nGDxHGMmotWarZn3mjj1jZmLCwYptoWgNVAJa6bILQafYFTHjb1Xzy_5j6lzk0waT9NMe0LFtVLFnW5xMqWs2gUMLUuY7XLlmNjarl_-LHsE3yiwWw1WR528JN3ld87tlQhGDv8FNfyK6jQ6VJwJbXgPuzfnVfoCVZOMx7K2fhSOTc8m8FgkCtVtX9noWqQt4DzI5N0LkycB9oIndLwZTQDklmuhaRCPkYOvU5g",
> "token_type": "bearer",
> "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0NDMwYmVhMi0xN2FiLTQ3OTUtODNiMC0wYTVkYTc0YzdlNjIiLCJleHAiOjE0Njc2NTM1MDgsIm5iZiI6MCwiaWF0IjoxNDY3NjUzMjA4LCJpc3MiOiJodHRwOi8vdml6MDIubmV0MzIubmV0OjgwODAvYXV0aC9yZWFsbXMvTmV0MzIiLCJhdWQiOiJWZW5kb3JBUEkiLCJzdWIiOiIxYjhhZWJkNC1iNDU0LTQzYTYtODRlOS05MmQxMjc1NGFmNDUiLCJ0eXAiOiJJRCIsImF6cCI6IlZlbmRvckFQSSIsInNlc3Npb25fc3RhdGUiOiI5Y2E5NjFjOS0xYjg4LTQ3OGUtYjQ5MS01MTVhZmIwNjBlNjUiLCJuYW1lIjoiIiwidmVuZG9ySWQiOjE4OTU1LCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ0cmFkZWFseiJ9.hhCaW_naA6Agx4rYoP3YP_wYqwXG7oq6DIHFup6JRPG2YckZ0ups46tYRwXG-6DPrRRfCdD36YiGA3sggJZllMlBL-SI4XZ5amayi4J_Ktz_1IleOsQRG49DFflIyk9W4ZWMDSqut2ZYTE0Bfm_yc5XZUNKEY7quPQLGg2JdF2kT7Ka80aHQOIQPvC-Q0IkL7-uyT2Swq2sU8RO4OGMJziKY71UWPpn-ht1p5dOL1lKlZoULS-VCPeCupGoOuR9Y9t88N7vbjFDv3dw3zw67BCA9BwwtsGKCJkhopvaJWS4tiRqFsoSF-_O2IzkuoEjAW3LalMe3vusQjzuFOSdOMQ",
> "not-before-policy": 0,
> "session_state": "9ca961c9-1b88-478e-b491-515afb060e65"
> }
>
> On Mon, Jul 4, 2016 at 1:11 PM, Stian Thorgersen <sthorger at redhat.com <mailto:sthorger at redhat.com>> wrote:
> Adding list back - please use reply all
>
> I'm not following. The response payload is the token, so not sure what it is that you want in XML.
>
> On 4 July 2016 at 15:41, <asarathi at vizuri.com <mailto:asarathi at vizuri.com>> wrote:
> Sorry if I wasn't clear earlier. I don't want the token itself to be in xml. I just want the response payload from the token endpoint to be xml or Json based on the accept header.
>
>
> On Jul 4, 2016, at 3:04 AM, Stian Thorgersen <sthorger at redhat.com <mailto:sthorger at redhat.com>> wrote:
>
>> We only support JWT with OpenID Connect. Can you elaborate on why you want an XML token?
>>
>> You could add a custom REST endpoint or a custom protocol to do this, but not sure I'd recommend doing it as there's a fair bit of logic that goes into the token endpoint.
>>
>> On 1 July 2016 at 18:39, Aswini Sarathi <asarathi at vizuri.com <mailto:asarathi at vizuri.com>> wrote:
>> Hi,
>>
>> I am trying to find out if there is a way to get response from token endpoint /realms/{realm-name}/protocol/openid-connect/token in xml or json format based on the Accept header. If its not supported out of the box, what other options are available to do this? Should I look at creating a custom endpoint by implementing the SPI to do the mapping?
>>
>> Thanks!!
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160704/825ebd13/attachment.html
More information about the keycloak-user
mailing list