[keycloak-user] Keycloak always create user when use exchange_token grant_type

Pedro Igor Silva psilva at redhat.com
Wed Jun 27 09:45:29 EDT 2018


During the exchange of an external token to an internal token, if the user
is not federated, it will always be created. You can create an RFE in JIRA
describing your requirements in more detail and we'll see/discuss how we
can support that.

Regards.
Pedro Igor

On Wed, Jun 27, 2018 at 3:53 AM, Florian Bernard <fbernard at appstud.com>
wrote:

>     Hello,
>     We are trying to implement the following use case:
>     We have a Realm and a Client that allow users to log in with the REST
> API /auth/realms/{Realm}/protocol/openid-connect/token (from a mobile
> application).
>     Users should be able to log in with a Facebook token by using the same
> REST API but with the token-exchange grant_type, only if a Keycloak user
> already exists and if it's linked with the Facebook identity provider.
>     Problem: if a user that does not exist in Keycloak exchanges a Facebook
> token, it'll be automatically created by Keycloak and an access_token is
> returned.
>     We tried to modify the First Login Flow in the Identity provider
> configuration, but it does not work.
>     How can we prevent Keycloak from creating the user and return an error
> if there is no Keycloak user linked to the Facebook token?
>
>     Thanks in advance,
>     Florian