[keycloak-user] AT as Query Param
Simon Faust
simon.faust at gmx.de
Tue Jul 17 15:58:59 EDT 2018
it seems to be fixed in version 4.2.0
For those working on older versions:
Instantiate KeycloakAuthenticationProcessingFilter with an additional
RequestMatcher that matches requests having an access_token query parameter.
Adapt KeycloakAuthenticationProcessingFilter.successfulAuthentication()
to handle queryParamToken-request like bearerToken- and basicAuth-requests.
Cheers Simon
Am 17.07.2018 um 11:11 schrieb Simon Faust:
> Hi,
>
> I've a REST Server secured using bearer-only. Now I'm stuck with the
> file download usecase (no token in http header).
>
> According to KEYCLOAK-2650
> <https://issues.jboss.org/browse/KEYCLOAK-2650> it's possible to pass
> Access Token as a Query Parameter (guess its name is "access_token",
> right?). On testing that every request I make gets redirected to
> /sso/login.
>
> Am I missing some configuration? It seems that the Keycloak adapter does
> not try at all to get a token from query param... I'm using
> keycloak-spring-security-adapter 3.2.1
>
> Thanks in advance, Simon
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list