
Keycloak: Get authorization code in JSON?

We are working on a student project. Our goal is for a user to be able to authorize with an x509 certificate via Keycloak.

Actually, we cannot continue with receiving the authorization code in order to exchange it for a token request. Basically, we send an authorization code request and receive the authorization code via a URL parameter. But we would prefer to receive the authorization code in a JSON format. The access type of the client is set to public.

Can someone help us, please? Thank you.

Stefan Kuppelwieser asked Sep 13 '18 10:09


1 Answer

The authorization code flow is given in the URL because it is meant to survive a redirection to the Keycloak login page. You access the Keycloak login page using a client id and a redirect URL to your application. Once the login is successful, the Keycloak server redirects to your app again, providing the authorization code appended in the URL itself. Then your app sends this code in order to get a token set, which is the one actually given in JSON format.

It's not possible to get the authorization code from a REST endpoint, because it is meant to follow a web browser flow. You could still use the direct access grant in order to log in the users directly with their credentials and obtain the token set. That is however considered to be a bit weaker.

See also:

  • https://auth0.com/docs/api-auth/tutorials/authorization-code-grant
Xtreme Biker answered Sep 27 '22 19:09
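
The flow described in the answer, as an added example that is not part of the original answer: the app builds the browser redirect, reads the code from the callback URL, and prepares the POST whose response is the JSON token set. The realm URL, client id and redirect URI are placeholders, and the `state` check and PKCE parameters are additions commonly used with public clients, not something the answer mentions.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values (not from the post): realm base URL, client id, redirect URI.
REALM = "https://keycloak.example.test/realms/demo/protocol/openid-connect"
CLIENT_ID = "student-app"
REDIRECT_URI = "https://app.example.test/callback"


def start_login():
    """Return (authorization URL, state, PKCE verifier) for the browser redirect."""
    state = secrets.token_urlsafe(16)
    verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid", "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return f"{REALM}/auth?{query}", state, verifier


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code from the redirect, rejecting bad callbacks."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one code parameter")
    return params["code"][0]


def token_request(code, verifier):
    """Return (URL, form fields) for the POST whose response is the JSON token set."""
    # Public client: no client_secret is sent; the PKCE verifier binds the code.
    return f"{REALM}/token", {
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
        "code_verifier": verifier,
    }


if __name__ == "__main__":
    url, state, verifier = start_login()
    # Constructed callback, standing in for the redirect Keycloak sends the browser.
    callback = f"{REDIRECT_URI}?{urlencode({'state': state, 'code': 'constructed-code'})}"
    print(token_request(code_from_callback(callback, state), verifier))
```

The form fields are sent as `application/x-www-form-urlencoded` to the token endpoint; the code itself never arrives as JSON, only the token response does.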