[keycloak-user] OIDC access_token URL parameter rather than Bearer Authentication header
Gabriel Lavoie
glavoie at gmail.com
Fri Sep 15 14:17:23 EDT 2017
Hi,
we have one use case where we want to use an access_token URL parameter
rather than the Authorization: Bearer header, to allow SSO from a mobile
app to Safari.
In KeycloakAuthenticationProcessingFilter.java (
https://github.com/keycloak/keycloak/blob/2cadf0a2602065c32140de5c1c7394900ae55a65/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java),
the authentication flow is different when using the query param vs. the
Authorization header. Any reason for this?
- Header: Upon successful authentication, the filter chain is processed to
the requested page.
- Query param: Upon successful authentication, the default success handler is
called and the user is redirected to a target page (/ by default); see the
first condition of
KeycloakAuthenticationProcessingFilter.successfulAuthentication():

    if (!(this.isBearerTokenRequest(request) || this.isBasicAuthRequest(request))) {
        super.successfulAuthentication(request, response, chain, authResult);
        return;
    }
Thanks,
Gabriel
--
Gabriel Lavoie
glavoie at gmail.com
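As an added example (not Keycloak's own code and not part of the original message): a plain servlet Filter, installed ahead of the Keycloak adapter, that re-presents an access_token request parameter to downstream filters as an Authorization: Bearer header, so the adapter sees a bearer request and takes the branch that continues the filter chain instead of redirecting. The class name QueryTokenToBearerFilter and the RFC 6750 cache handling are assumptions of this example, not something the thread states.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (not Keycloak's code): a servlet Filter installed before the
// Keycloak adapter. When a request carries an access_token parameter and no
// Authorization header, the token is re-presented downstream as
// "Authorization: Bearer <token>", so KeycloakAuthenticationProcessingFilter
// sees a bearer request and takes its non-redirecting bearer branch.
public class QueryTokenToBearerFilter implements Filter {
    static final String PARAM = "access_token"; // parameter name from the question
    static final String HEADER = "Authorization";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String token = request.getParameter(PARAM);
        // Only act when the token arrived as a parameter alone; an explicit
        // Authorization header always wins (RFC 6750 forbids sending both).
        if (token == null || token.isEmpty() || request.getHeader(HEADER) != null) {
            chain.doFilter(req, res);
            return;
        }
        // RFC 6750 section 2.3 asks for Cache-Control: private here; no-store is stricter.
        response.setHeader("Cache-Control", "no-store");
        String bearer = "Bearer " + token;
        chain.doFilter(new HttpServletRequestWrapper(request) {
            @Override public String getHeader(String name) {
                return HEADER.equalsIgnoreCase(name) ? bearer : super.getHeader(name);
            }
            @Override public Enumeration<String> getHeaders(String name) {
                return HEADER.equalsIgnoreCase(name)
                        ? Collections.enumeration(Collections.singletonList(bearer))
                        : super.getHeaders(name);
            }
            @Override public Enumeration<String> getHeaderNames() {
                List<String> names = Collections.list(super.getHeaderNames());
                names.add(HEADER);
                return Collections.enumeration(names);
            }
        }, res);
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```

The wrapper does not stop the token from landing in access logs, browser history or Referer headers, which is why RFC 6750 discourages the URI method; keep it scoped to the single SSO hand-off URL rather than enabling it application-wide.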