[keycloak-user] patch for mod_auth_openidc apache module for keycloak oauth
c p
oop12000 at gmail.com
Mon May 15 04:43:11 EDT 2017
Dear All,
Just for sharing, have made the apache mod_auth_openidc module works with
keycloak token introspection, just apply the below patch to src/oauth.c
then set the OIDCOAuthIntrospectionEndpointParams
token_type_hint=refresh_token.
--- mod_auth_openidc/src/oauth.c 2017-05-15 16:20:48.698526596 +0800
+++ mod_auth_openidc_keycloak/src/oauth.c 2017-05-15
16:17:06.022631865 +0800
@@ -83,12 +83,19 @@
apr_table_addn(params, OIDC_PROTO_CLIENT_ID,
c->oauth.client_id);
apr_table_addn(params, OIDC_PROTO_CLIENT_SECRET,
c->oauth.client_secret);
+
} else {
basic_auth = apr_psprintf(r->pool, "%s:%s",
c->oauth.client_id,
c->oauth.client_secret);
}
+ }else{
+ if ((c->provider.client_id != NULL) &&
(c->provider.client_secret!=NULL)){
+ basic_auth = apr_psprintf(r->pool, "%s:%s",
c->provider.client_id,
+ c->provider.client_secret);
}
+}
+
/* call the endpoint with the constructed parameter set and return
the resulting response */
return apr_strnatcmp(c->oauth.introspection_endpoint_method,
OIDC_INTROSPECTION_METHOD_GET) == 0 ?
Regards,
Steven
More information about the keycloak-user
mailing list