[keycloak-user] Token Exchange
James Mitchell
jamesm at suitebox.com
Sun Sep 29 22:06:17 EDT 2019
After checking out the code from GitHub I found the file TokenEndpoint.java
which has the controller for the token endpoint, including the token
exchange.
Then I saw the function tokenExchange() which is exactly what I need to
check.
First thing I see is the event logging - so I use the GUI to enable logging
of the events to database and immediately see my problem:
"sub claim is null from user info json"
So I think the call does expect a normal OIDC userinfo response.
----
*James Mitchell*
Developer
e: jamesm at suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
On Mon, 30 Sep 2019 at 14:54, James Mitchell <jamesm at suitebox.com> wrote:
> Where should I look for the code for token exchange?
>
> I am getting an invalid token error for one particular identity provider,
> and I want to see what sort of logic the code uses to decide whether to
> validate and swap tokens.
>
> I have my code working ok for a standard Google OAuth provider, so I have
> already fixed issues with users not being enabled when I try to exchange
> tokens, and making sure I have a valid userinfo url.
>
> My suspicion is I have an error with the userinfo url - which is not a
> standard OIDC endpoint, but it is returning a 200 OK status when I hit it
> by hand with the access token.
>
> Thanks,
> James
>
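Added example, not part of the original thread and not Keycloak's code: a small Python check that a userinfo response has the shape OpenID Connect Core requires (a JSON object with a non-empty string `sub`), which a 200 OK status alone does not show. The function name, the list of alternative identifier keys and the sample responses are constructed for illustration.

```python
import json

# Keys some non-OIDC user APIs use for the identifier (assumed list, for illustration).
ID_LIKE_KEYS = ("id", "user_id", "uid", "userId")

def check_userinfo(status, content_type, body):
    """Return findings; an empty list means the response looks like a
    plain-JSON OpenID Connect UserInfo response (OIDC Core section 5.3.2)."""
    findings = []
    if status != 200:
        findings.append(f"HTTP status {status}, expected 200")
    media_type = content_type.split(";")[0].strip().lower()
    if media_type == "application/jwt":
        # Signed/encrypted UserInfo is allowed by the spec but not parsed here.
        return findings + ["JWT response: decode it before checking claims"]
    if media_type != "application/json":
        findings.append(f"Content-Type {media_type!r}, expected application/json")
    try:
        claims = json.loads(body)
    except ValueError:
        return findings + ["body is not valid JSON"]
    if not isinstance(claims, dict):
        return findings + ["top-level JSON value is not an object"]
    sub = claims.get("sub")
    if isinstance(sub, str) and sub:
        return findings
    findings.append("no usable top-level 'sub' (missing, null, empty or not a string)")
    for key, value in claims.items():
        if isinstance(value, dict) and "sub" in value:
            findings.append(f"'sub' is nested under {key!r}")
    alternatives = [k for k in ID_LIKE_KEYS if k in claims]
    if alternatives:
        findings.append("identifier appears under: " + ", ".join(alternatives))
    return findings

# Constructed sample responses (status, Content-Type, body).
SAMPLES = {
    "oidc": (200, "application/json; charset=utf-8", '{"sub": "248289761001", "email": "a@example.com"}'),
    "custom_api": (200, "application/json", '{"id": 42, "login": "jdoe"}'),
    "wrapped": (200, "application/json", '{"data": {"sub": "abc"}}'),
}

if __name__ == "__main__":
    for name, response in SAMPLES.items():
        print(name, check_userinfo(*response) or "OK")
```

A provider that returns its identifier under another key, or wraps the claims in an outer object, answers 200 OK yet still has no top-level `sub` for a client to read.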