[keycloak-user] Keycloak always create user when use exchange_token grant_type

Florian Bernard fbernard at appstud.com
Wed Jun 27 11:45:10 EDT 2018


Hi Pedro,
Ok, thanks for your answer.

Regards,
Florian

From: Pedro Igor Silva <psilva at redhat.com>
Date: Wednesday 27 June 2018 at 15:45
To: Florian Bernard <fbernard at appstud.com>
Cc: keycloak-user <keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] Keycloak always create user when use exchange_token grant_type

During the exchange of an external token to an internal token, if the user is not federated, it will always be created. You can create an RFE in JIRA describing your requirements in more detail and we'll see/discuss how we can support that.

Regards.
Pedro Igor

On Wed, Jun 27, 2018 at 3:53 AM, Florian Bernard <fbernard at appstud.com> wrote:
    Hello,
    We are trying to implement the following use case:
    We have a Realm and a Client that allow users to log in with the REST API /auth/realms/{Realm}/protocol/openid-connect/token (from a mobile application).
    Users should be able to log in with a Facebook token by using the same REST API, but with the token-exchange grant_type, only if a Keycloak user already exists and if it’s linked with the Facebook identity provider.
    Problem: if a user that does not exist in Keycloak exchanges a Facebook token, it’ll be automatically created by Keycloak and an access_token is returned.
    We tried to modify the First Login Flow in the Identity Provider configuration, but it does not work.
    How can we prevent Keycloak from creating the user and return an error if there is no Keycloak user linked to the Facebook token?

    Thanks in advance,
    Florian



_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user


