[keycloak-user] Token Exchange

James Mitchell jamesm at suitebox.com
Sun Sep 29 22:06:17 EDT 2019


After checking out the code from GitHub I found the file TokenEndpoint.java
which has the controller for the token endpoint, including the token
exchange.
Then I saw the function tokenExchange() which is exactly what I need to
check.

First thing I see is the event logging - so I use the GUI to enable logging
of the events to database and immediately see my problem:

"sub claim is null from user info json"

So I think the call does expect a normal OIDC userinfo response.


----

*James Mitchell*

Developer

e: jamesm at suitebox.com

w: www.suitebox.com


*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ


On Mon, 30 Sep 2019 at 14:54, James Mitchell <jamesm at suitebox.com> wrote:

> Where should I look for the code for token exchange?
>
> I am getting an invalid token error for one particular identity provider,
> and I want to see what sort of logic the code uses to decide whether to
> validate and swap tokens.
>
> I have my code working OK for a standard Google OAuth provider, so I have
> already fixed issues with users not being enabled when I try to exchange
> tokens, and making sure I have a valid userinfo URL.
>
> My suspicion is I have an error with the userinfo URL - which is not a
> standard OIDC endpoint, but it is returning a 200 OK status when I hit it
> by hand with the access token.
>
> Thanks,
> James

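An added example, not part of the original post and not Keycloak code: a pre-flight check for a userinfo response, showing why a 200 OK status alone does not rule out the "sub claim is null" failure. OpenID Connect requires a `sub` claim in the UserInfo response; the function names, the list of candidate identifier keys and the sample bodies are constructed for illustration.

```python
import json

# Field names a non-standard profile endpoint might use for the user id
# (assumed list, used only to produce a diagnostic hint).
CANDIDATE_ID_KEYS = ("id", "user_id", "uid", "userId")


def find_candidate_ids(obj, path=""):
    """Return dotted paths of fields that look like a user identifier."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else key
            is_scalar = isinstance(value, (str, int)) and not isinstance(value, bool)
            if key in CANDIDATE_ID_KEYS and is_scalar:
                hits.append(here)
            hits.extend(find_candidate_ids(value, here))
    return hits


def check_userinfo(status, body):
    """Return (ok, reason) for a userinfo HTTP status and response body."""
    if status != 200:
        return False, f"HTTP {status}"
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "body is not JSON"
    if not isinstance(doc, dict):
        return False, "body is not a JSON object"
    sub = doc.get("sub")
    if isinstance(sub, str) and sub:
        return True, "sub present"
    if sub is not None:
        return False, "sub must be a non-empty string"
    hints = find_candidate_ids(doc)
    hint = f"; identifier found at: {', '.join(hints)}" if hints else ""
    return False, "sub claim missing or null" + hint


# Constructed sample responses (not captured from any real provider).
SAMPLES = {
    "standard": '{"sub": "248289761001", "email": "user@example.com"}',
    "nested": '{"data": {"id": 4711, "email": "user@example.com"}}',
    "null_sub": '{"sub": null, "id": "abc"}',
    "html": "<html>login</html>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, check_userinfo(200, body))
```

Feeding it the body returned when the userinfo URL is called by hand with the access token shows whether the identifier is absent or just sits under a different key.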
