 

Obtain id_token with Keycloak

Who knows how to obtain the id_token with Keycloak?

I have been working with Keycloak in Java (Spring, JEE) and Postman.

The basics work fine, but I need the id_token since there are some claims that are not present in the access_token but are present in the id_token.

Using the keycloak-core library I could obtain the Keycloak context, but the id_token attribute is always null.

Any ideas?

Pablo Bastidas asked Mar 16 '18 13:03



2 Answers

If you are using Keycloak version 3.2.1, then the mail chain below will help you.

Hi All

I am using the below curl command:

curl -k https://IP-ADDRESS:8443/auth/realms/Test123/protocol/openid-connect/token -d "grant_type=client_credentials" -d "client_id=SURE_APP" -d "client_secret=ca3c4212-f3e8-43a4-aa14-1011c7601c67"

In the above command's response, id_token is missing, which is required for Kong to tell who I am.

In my Keycloak realm->client-> Full Scope Allowed ->True

OK, I found it: we have to add

scope=openid

then only it will work.

Subodh Joshi answered Oct 02 '22 05:10


I had the same thing with Keycloak 3.4.3 version.

I added scope=openid to my request as Gal Margalit mentioned in his answer and it works.

Here is my request:

curl -X POST -H "Content-Type:application/x-www-form-urlencoded" -d "scope=openid" -d "grant_type=password" -d "client_id=test" -d "username=YOUR-USERNAME" -d "password=test" 'https://YOUR-DOMAIN/realms/test123/protocol/openid-connect/token'

Amin answered Oct 02 '22 03:10
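Added example, not part of either answer: a Python sketch of the client side of the fix both answers describe. It ensures `openid` is in the token request's `scope`, then reads the claims out of the returned `id_token` and fails clearly when the token is absent. The sample responses, the user `alice` and all helper names are constructed for illustration; the payload is decoded for inspection only, so verify the signature against the realm's keys before trusting any claim.

```python
import base64
import json
from urllib.parse import urlencode

def with_openid_scope(form: dict) -> dict:
    """Copy of a token-request form whose scope parameter includes 'openid'."""
    scopes = form.get("scope", "").split()
    if "openid" not in scopes:
        scopes.insert(0, "openid")
    return {**form, "scope": " ".join(scopes)}

def decode_jwt_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def id_token_claims(token_response: dict) -> dict:
    """Claims of the id_token in a token response; LookupError if it is absent."""
    id_token = token_response.get("id_token")
    if id_token is None:
        raise LookupError("no id_token in response; was scope=openid sent?")
    return decode_jwt_claims(id_token)

def b64url(obj: dict) -> str:
    """Base64url-encode a JSON object without padding (used for sample data)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: the token is unsigned and every value is made up.
SAMPLE_ID_TOKEN = ".".join([
    b64url({"alg": "RS256", "typ": "JWT"}),
    b64url({"iss": "https://YOUR-DOMAIN/realms/test123", "aud": "test",
            "preferred_username": "alice", "email": "alice@example.com"}),
    "constructed-signature",
])
RESPONSE_WITHOUT_OPENID = {"access_token": "constructed", "token_type": "bearer"}
RESPONSE_WITH_OPENID = {**RESPONSE_WITHOUT_OPENID, "id_token": SAMPLE_ID_TOKEN}

if __name__ == "__main__":
    form = with_openid_scope({"grant_type": "password", "client_id": "test",
                              "username": "alice", "password": "test"})
    print(urlencode(form))  # body to POST to .../protocol/openid-connect/token
    print(id_token_claims(RESPONSE_WITH_OPENID))
    try:
        id_token_claims(RESPONSE_WITHOUT_OPENID)
    except LookupError as exc:
        print(exc)
```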