[keycloak-user] Keycloak Google IDP Broken & won't be fixed!

Pedro Igor Silva psilva at redhat.com
Thu Jul 25 17:30:44 EDT 2019


Hi Nick,

Let's try to revert this. We are always trying to do our best to help
people as much as we can.

The documentation [1] does not seem to be updated but there is a "Request
refresh token" switch in the Google Identity Provider that when enabled
makes an offline request (access_type=offline as a query param).

Did you try it out? The related issue is
https://issues.jboss.org/browse/KEYCLOAK-6614.

Please let me know if you have issues using it. Or maybe you are facing
some other issue that is blocking you from using this functionality.

[1] https://www.keycloak.org/docs/latest/server_admin/index.html#google

Regards.
Pedro Igor

On Thu, Jul 25, 2019 at 3:35 PM Nick Powers <sshscp at gmail.com> wrote:

> I ran into an issue with Google IDP & Keycloak, where offline access cannot
> be requested and therefore refresh tokens cannot be received from Google.
>
> I then started researching to see if this problem has been previously
> identified and resolved.  Although I did find many people identifying
> the problem who were looking for an answer in both this mailing list and in
> the keycloak dev mailing list, there were no solutions in any of those
> messages.  These questions spanned 4 years, and yet Google IDP remains
> broken.
>
> When the question is posed to the user group the messages are either not
> answered at all or don't provide any solutions.  In the Keycloak dev
> mailing list it is discussed but in general they are dismissed, along the
> line of "Why would you need to use offline access?" dismissing it as a
> useless feature.  This is a difficult answer to swallow if you need to use
> Google offline access with Keycloak.  Especially when all it would take is
> to add "access_type=offline" to the Google auth URL.  To be absolutely clear
> the devs could easily fix this, they just don't want to.
>
> So, if you have found this message, now or in the future, hoping to find a
> way to obtain refresh tokens from Google using Keycloak all I can do is try
> and spare you any more time wasted on this pursuit.  Keycloak does NOT
> support offline access for Google IDP and therefore you cannot receive refresh
> tokens from Google with Keycloak, and chances are that it will NEVER
> support it.
>
> I wish I was wrong but it doesn't appear that way.
>
> Good Luck!
>
> Nick
>
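
To confirm that the "Request refresh token" switch mentioned in the reply is taking effect, inspect the redirect Keycloak sends the browser to Google and check its query parameters. This is an added example, not part of the original thread or Keycloak's code; the function name, the sample URLs and the `CLIENT_ID_PLACEHOLDER` value are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

GOOGLE_AUTH_HOST = "accounts.google.com"


def check_offline_request(redirect_url):
    """Return a list of findings for the broker's redirect to Google.

    An empty list means the request asks Google for offline access.
    """
    parts = urlsplit(redirect_url)
    findings = []
    # hostname is lowercased by urlsplit, so the comparison is case-insensitive
    if parts.scheme != "https" or parts.hostname != GOOGLE_AUTH_HOST:
        findings.append("redirect does not target https://accounts.google.com")

    params = parse_qs(parts.query, keep_blank_values=True)
    access = params.get("access_type", [])
    if not access:
        findings.append("access_type missing: Google treats the request as online")
    elif len(access) > 1:
        findings.append("access_type sent more than once: result is ambiguous")
    elif access[0] != "offline":
        findings.append("access_type=%r, expected 'offline'" % access[0])

    # Refresh tokens are issued on the authorization-code exchange.
    if params.get("response_type") != ["code"]:
        findings.append("response_type is not 'code'")
    return findings


# Constructed sample redirects (not captured from a real deployment).
SWITCH_ON = ("https://accounts.google.com/o/oauth2/v2/auth?scope=openid+email"
             "&state=abc123&response_type=code&client_id=CLIENT_ID_PLACEHOLDER"
             "&access_type=offline")
SWITCH_OFF = ("https://accounts.google.com/o/oauth2/v2/auth?scope=openid+email"
              "&state=abc123&response_type=code&client_id=CLIENT_ID_PLACEHOLDER")

if __name__ == "__main__":
    for label, url in (("switch on", SWITCH_ON), ("switch off", SWITCH_OFF)):
        print(label, "->", check_offline_request(url) or "offline access requested")
```

The redirect URL can be copied from the browser's network tab (the `Location` header of Keycloak's broker login response) after clicking the Google login button.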

