OAuth2 IDP instead of OIDC

Hi,
I’m using Keycloak as an authentication/authorization server for our service.
We have an OAuth2 IDP configured in Keycloak, but when we authenticate, Keycloak returns an error of “No token from server”.
This basically means that the response from the “token” URL did not contain the id_token.
Our IDP can’t provide this parameter since it works with OAuth2 only.
My question is, how can we configure KC to take the access_token instead of the id_token?
Is there any way to do that?
This is the response from the IDP:
{
"token_type": "Bearer",
"expires_in": 1209599,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6Ijg2ZjRlNDJiZDE2YzI2ZGFjM2EyZWE3NGMwYjg1MjY5NGJmOGQzM2U3ZGU0YThlOGJjNzJmNGE2MjEzZDI0Y2ViNzM1NWQyOTE5OTg0OTI2In0.eyJhdWQiOiJlYmQ3YTdlOS0zOTU5LTQ0YmMtYjZlYi02NjQyZjk1MGVhOTEiLCJqdGkiOiI4NmY0ZTQyYmQxNmMyNmRhYzNhMmVhNzRjMGI4NTI2OTRiZjhkMzNlN2RlNGE4ZThiYzcyZjRhNjIxM2QyNGNlYjczNTVkMjkxOTk4NDkyNiIsImlhdCI6MTU5ODc4NDc1OSwibmJmIjoxNTk4Nzg0NzU5LCJleHAiOjE1OTk5OTQzNTgsInN1YiI6IjUyIiwic2NvcGVzIjpbInRpa2FsX3VzZXIiLCJhdXRoZW50aWNhdGVkIl19.IY4V3LW7UxorLUhXjxjWHAUkWtOr1S7Iczq8g89TFsAkqOVuptg1b-ZK5ImmmR8LC7Fc1_QcYDYBacPYihfKvCCALEL9bGsqQpTiUvPuP2aiQ21plZI2GVl9V3IEhiibfv6ghhr9Oe5NSlIiP-vsMOpxxoMX42ZC6SCQsLgSpf7bWIBbjlJ9ThmY6D7EXzM1KvJvuMwZ-G836HfAi2_uIKod6pw0npMeYPU_Qili26jfVw8vPWx64KuyAvRzO9I4_F5SQ_RbTixn1wL_ELFwz7RNp6gK-Y8PF6VsA1O_A27x3BzTIzBVG-wPNeYhCl2tiR6IdsskwOKWJN1JELGOjJxNVRB43J7BNbTV5clSeSOhuYWPzoGHEx7URU-MR5gvXPNEAXfCozBzrEsBrtVKKf5ciM7wsZErbJybBvQgNWUOOdQ6A5pT7k7hBmPG-AF_NnCerGxjr7giVOsPRA84bIE5-lVC_OvAC2e7ZwYKF1viyXwyo6hy5Ml6069k-tW3eXbVqaJKaJ1jjKBtKb_YwigyGnthMMQ5jXeo3hpmW_3jolGqTR3bR7bXuw_Wvnb8_m0kv7avsKoRdT3Rer89Xwc5PC0mu3WFGfK3P-XoSzkD4905FuNtSkxW2e6PskERZmU9mTe6KqlT6oGqAO2tf_Uz1mY7fz7B8gZI2N1m1XY",
"refresh_token": "<refresh_token value removed from the post>"
}

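To make the error concrete, here is an added Python example (not Keycloak code and not from the post) that inspects a token-endpoint response of the shape posted above: it reports whether an id_token is present, and for a JWT-shaped access_token lists which claims an OIDC ID Token must carry that the access token lacks. The sample response is constructed for the example with placeholder values and a fake header and signature; the JWT is decoded without verification, for diagnosis only.

```python
import base64
import json

# Claims OpenID Connect Core 1.0 (section 2) requires in every ID Token.
ID_TOKEN_REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token: str) -> dict:
    """Payload of a compact JWS, WITHOUT signature verification: fine for
    diagnosing a rejected response, never for authenticating anyone."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))

def check_token_response(response: dict) -> dict:
    """Report why an OIDC broker cannot complete login from this response.
    has_id_token False is the "No token from server" situation; the second
    field lists the ID Token claims the access_token lacks, i.e. what could
    not be verified if it were treated as an identity assertion anyway.
    """
    report = {"has_id_token": "id_token" in response,
              "access_token_missing_claims": []}
    token = response.get("access_token", "")
    if token.count(".") == 2:  # JWT-shaped; opaque tokens cannot be inspected
        claims = jwt_claims(token)
        report["access_token_missing_claims"] = [
            c for c in ID_TOKEN_REQUIRED_CLAIMS if c not in claims]
    return report

# Constructed sample with the same shape as the posted response: same claim
# names (no "iss", no "nonce"), placeholder values, fake header and signature.
_PAYLOAD = {"aud": "example-client-id", "jti": "example-jti",
            "iat": 1598784759, "nbf": 1598784759, "exp": 1599994358,
            "sub": "52", "scopes": ["tikal_user", "authenticated"]}
SAMPLE_RESPONSE = {
    "token_type": "Bearer", "expires_in": 1209599,
    "access_token": ".".join([
        b64url_encode(json.dumps({"typ": "JWT", "alg": "RS256"}).encode()),
        b64url_encode(json.dumps(_PAYLOAD).encode()),
        "fake-signature"]),
    "refresh_token": "constructed-refresh-token",
}
```

Run against the sample, the report shows no id_token and an access_token with no `iss` claim, which is why an access token cannot simply stand in for the identity assertion the OIDC broker expects.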

Hi, we do have support for OAuth2 in some built-in brokers. However, the admin console only gives you OIDC.

The main reason is that OAuth2 is not an authentication protocol, but OIDC, SAML, etc. are. Plus there are those built-in social providers (some are internally OAuth2).

I’m not sure if people from the team would accept an OAuth2 Broker, but maybe you can create an RFE and see what people think.

Regards.
Pedro Igor
