Does Keycloak support id_token_hint?
If a user is already authenticated on the Keycloak auth server and, on clicking some link within the system, authorization needs to happen again for the same user on the auth server, can we somehow bypass the login flow?
I am trying to use prompt=none, passing an id_token_hint value with the id_token previously received from the auth server and the session_state value received earlier, but that’s giving me a login_required error from Keycloak on the app redirect URL when getting the authorization code.
Here’s the example URL:
http://keycloak:9080/auth/realms/igia/protocol/openid-connect/auth?
client_id=sagar-test
&redirect_uri=http%3A%2F%2F127.0.0.1%3A9010%2Fcallback
&response_type=code
&scope=openid+launch
&state=bbb
&prompt=none
&session_state=894b7695-de61-4cd0-b1d0-9509ae65fd0d
&id_token_hint=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlYlZwVmkyaVV5anpXWTVaWHMzRE80b3RZaVJibDJpbE11N3BrYXo5RWpJIn0.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.Yqi0N7ilYsr_fP_-7qWiTDbaiLTBRbW3p-w07D33w8LbIbhqxRHAi5FYwcYOo5HQffcjmcRetYUHBSExVpyRl0YrHON6_g02x1UJurMZPwGbDiTRMf4_xiRvDM18TnZuQEGCvN0s8xtm5wqv2jKqWSyRD6RktYZKuLssaH-wp20nryBTRv87M6-Nh1MfHa4m-Xv5nw4t_y6LWNPurwGUZRwsPGAIxeN8anFjxdf4kYUQD44etc4y1ZijZZ8lCWoSW4RWSblM7iaalqdjsVqx7fUeTXTpRptZJZiasaqT7O08Z2lN1zsA4sFHc8UgFqvIKq_2tExnNAI1A4FwGh-Kpw
Any help is appreciated!
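An added example, not part of the original post: under OpenID Connect Core, an OpenID Provider answers a prompt=none request with login_required when it finds no authenticated End-User session for that request, and id_token_hint is a hint about the user rather than a credential, so a client normally treats that error as the signal to fall back to an interactive login. The endpoint, client_id, redirect_uri and scope are the ones in the URL above; the function names and the callback URLs in the demo are constructed for illustration.

```python
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

# Values taken from the example URL in the post.
AUTH_ENDPOINT = "http://keycloak:9080/auth/realms/igia/protocol/openid-connect/auth"
CLIENT_ID = "sagar-test"
REDIRECT_URI = "http://127.0.0.1:9010/callback"

# OIDC Core error codes meaning "prompt=none could not be satisfied silently".
NEEDS_INTERACTION = {"login_required", "interaction_required",
                     "consent_required", "account_selection_required"}

def build_auth_url(state, silent, id_token_hint=None):
    """Build the authorization request; silent=True adds prompt=none."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid launch",
        "state": state,
    }
    if silent:
        params["prompt"] = "none"
    if id_token_hint:
        params["id_token_hint"] = id_token_hint
    # session_state is omitted: OIDC Session Management defines it as a value
    # returned in the authentication response, not as a request parameter.
    return AUTH_ENDPOINT + "?" + urlencode(params)

def handle_callback(callback_url, expected_state):
    """Classify the redirect back to the app as (action, detail)."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # Check state first (constant-time) so a forged callback is never acted on.
    if not hmac.compare_digest(q.get("state", "").encode(), expected_state.encode()):
        return ("reject", "state_mismatch")
    if "code" in q:
        return ("exchange_code", q["code"])
    if q.get("error") in NEEDS_INTERACTION:
        # No usable session at the OP: retry without prompt=none and a fresh state.
        return ("interactive_login", q["error"])
    return ("reject", q.get("error", "missing_code"))

if __name__ == "__main__":
    # Constructed callback, shaped like the error described in the post.
    cb = "http://127.0.0.1:9010/callback?error=login_required&state=bbb"
    action, detail = handle_callback(cb, expected_state="bbb")
    print(action, detail)
    if action == "interactive_login":
        print(build_auth_url(state="ccc", silent=False))
```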