[keycloak-user] Implicit Flow - Invalid grant_type

Jonas Schönenberger jonas.schoenenberger at gmail.com
Fri Jul 27 12:39:45 EDT 2018


Hi everyone

I would like to use the implicit flow with some of my services that use
Keycloak as their Identity-Provider. According to the documentation a token
can be obtained from the token endpoint with the implicit flow:

/realms/{realm-name}/protocol/openid-connect/token
> This is the URL endpoint for obtaining a temporary code in the
> Authorization Code Flow or for obtaining tokens via the Implicit Flow,
> Direct Grants, or Client Grants.


In the well-known config "implicit" is listed as a valid grant_type:

"grant_types_supported": [
>         "authorization_code",
>         "implicit",
>         "refresh_token",
>         "password",
>         "client_credentials"
>     ]


However calls to the above mentioned token endpoint fail with an "Invalid
grant_type" error when I set the "grant_type" to "implicit" and try to
fetch a token. Besides the implicit grant_type I handover the client_id of
my client, its redirect url, "id_token token" as "response_type" and as
"scope" "openid". Implicit flow is enabled on the clients I want to use
that flow with.

I had a look at the source code and it seems that the implicit grant_type
is not one of the accepted grant types:
https://github.com/keycloak/keycloak/blob/8b6979ac18b19eb47e618e05ccffdde0c9adb6ff/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java#L239

Does someone know how to obtain a token with the implicit flow from
Keycloak and whether it is possible through the above mentioned API at all?

Thank you for your support and Best Regards
Jonas


More information about the keycloak-user mailing list