[keycloak-user] OIDC access_token URL parameter rather than Bearer Authentication header

Gabriel Lavoie glavoie at gmail.com
Tue Sep 19 14:05:53 EDT 2017


https://issues.jboss.org/browse/KEYCLOAK-5499 and
https://github.com/keycloak/keycloak/pull/4488 submitted.

Gabriel

2017-09-18 13:19 GMT-04:00 Gabriel Lavoie <glavoie at gmail.com>:

> Hi Sebastien,
>      I will, when a PR is ready to submit. I must fix this for a new use
> case we have.
>
> Gabriel
>
> 2017-09-18 9:50 GMT-04:00 Sebastien Blanc <sblanc at redhat.com>:
>
>> If you believe it's a bug, please open a detailed JIRA ticket, we will
>> take a look at it.
>>
>>
>> On Mon, Sep 18, 2017 at 2:22 PM, Gabriel Lavoie <glavoie at gmail.com>
>> wrote:
>>
>>> According to the tests added in
>>> https://github.com/keycloak/keycloak/commit/159b37197335cc56fbb2097086e96fc752da9e40,
>>> when the "access_token" parameter was added, I should be able to reach
>>> a REST endpoint directly using that query parameter. That does look like
>>> a bug with the Spring Security adapter.
>>>
>>> 2017-09-15 14:17 GMT-04:00 Gabriel Lavoie <glavoie at gmail.com>:
>>>
>>> > Hi,
>>> > we have one use case where we want to use an access_token URL
>>> > parameter rather than the Authorization: Bearer header, to allow SSO
>>> > from a mobile app to Safari.
>>> >
>>> > In KeycloakAuthenticationProcessingFilter.java (
>>> > https://github.com/keycloak/keycloak/blob/2cadf0a2602065c32140de5c1c7394900ae55a65/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java),
>>> > the authentication flow is different when using the query param vs the
>>> > Authorization header. Any reason for this?
>>> >
>>> > - Header: Upon successful authentication, the filter chain is
>>> >   processed to the requested page.
>>> > - Query param: Upon successful authentication, the default success
>>> >   handler is called and the user is redirected to a target page
>>> >   (/ by default) (first condition of
>>> >   KeycloakAuthenticationProcessingFilter.successfulAuthentication()):
>>> >
>>> > if (!(this.isBearerTokenRequest(request) || this.isBasicAuthRequest(request))) {
>>> >     super.successfulAuthentication(request, response, chain, authResult);
>>> >     return;
>>> > }
>>> >
>>> > Thanks,
>>> >
>>> > Gabriel
>>> > --
>>> > Gabriel Lavoie
>>> > glavoie at gmail.com
>>> >



-- 
Gabriel Lavoie
glavoie at gmail.com
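Added example, written for this page and not taken from Keycloak or from the PR linked above: a small Java model of the dispatch the thread describes, classifying a request by where its token arrived and showing the reported rule next to an assumed corrected rule. All names here (TokenSourceDispatch, Source, classify, redirectsAfterAuthReported, redirectsAfterAuthFixed) are hypothetical, and the "fixed" rule is an assumption about the intended behaviour, not a statement of what PR 4488 implements.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Models how an adapter decides what to do after a successful authentication. */
public final class TokenSourceDispatch {

    /** Where the request carried its credentials (hypothetical enum, not the adapter's). */
    public enum Source { BEARER_HEADER, BASIC_HEADER, ACCESS_TOKEN_PARAM, NONE }

    /** Classify a request from its Authorization header and its raw query string. */
    public static Source classify(String authorizationHeader, String queryString) {
        if (authorizationHeader != null) {
            String h = authorizationHeader.trim();
            if (h.regionMatches(true, 0, "Bearer ", 0, 7)) return Source.BEARER_HEADER;
            if (h.regionMatches(true, 0, "Basic ", 0, 6)) return Source.BASIC_HEADER;
        }
        // Note for operators: a token in the query string is also written to access logs
        // and leaks through the Referer header, which the Authorization header does not.
        if (queryString != null && queryParam(queryString, "access_token") != null) {
            return Source.ACCESS_TOKEN_PARAM;
        }
        return Source.NONE;
    }

    /** Rule reported in the thread: only header-based requests skip the redirect. */
    public static boolean redirectsAfterAuthReported(Source s) {
        return !(s == Source.BEARER_HEADER || s == Source.BASIC_HEADER);
    }

    /** Assumed corrected rule: a query-string token is an API-style request too,
     *  so the filter chain continues; only the interactive login flow redirects. */
    public static boolean redirectsAfterAuthFixed(Source s) {
        return s == Source.NONE;
    }

    /** Minimal query-string lookup; returns null when the name is absent. */
    static String queryParam(String query, String name) {
        return Arrays.stream(query.split("&"))
            .map(p -> p.split("=", 2))
            .filter(kv -> kv.length == 2 && kv[0].equals(name))
            .map(kv -> URLDecoder.decode(kv[1], StandardCharsets.UTF_8))
            .findFirst().orElse(null);
    }

    public static void main(String[] args) {
        // Constructed sample requests; the token values are placeholders, not real JWTs.
        Source viaHeader = classify("Bearer eyJ.constructed.token", null);
        Source viaParam  = classify(null, "access_token=eyJ.constructed.token&page=1");
        System.out.println("header, reported rule: redirect=" + redirectsAfterAuthReported(viaHeader));
        System.out.println("param,  reported rule: redirect=" + redirectsAfterAuthReported(viaParam));
        System.out.println("param,  assumed fix  : redirect=" + redirectsAfterAuthFixed(viaParam));
    }
}
```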

