Keycloak / KEYCLOAK-2351

Keycloak should accept response_type=token when implicit flow


Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 1.7.0.Final, 1.8.0.CR1
    • Fix Version/s: 1.9.0.CR1
    • None
    • None

    Description

      I was trying to configure Swagger UI (http://swagger.io/swagger-ui/) so it will use Keycloak for OAuth2 authorization. When using the implicit flow, which Swagger UI supports, I did not succeed in authorizing. Swagger UI opens Keycloak like this:

      curl 'http://keycloak.test.mycompany.com/auth/realms/MYCOMPANY/protocol/openid-connect/auth?response_type=token&redirect_uri=http%3A%2F%2Fapi.test.mycompany.com%2Fo2c.html&realm=MYCOMPANY&client_id=swagger&scope=user&state=0.3514531705962982' -H 'Host: keycloak.test.mycompany.com' -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate' -H 'Referer: http://api.test.mycompany.com/'

      Keycloak's response is: Invalid parameter: response_type

      I think this is because Keycloak expects the response_type URL parameter to be id_token token, while Swagger UI uses the URL parameter response_type=token.
      RFC 6749 also states (https://tools.ietf.org/html/rfc6749#section-4.2.1) that the response_type parameter should be token.

      So maybe Keycloak should support response_type=token too?

          People

            Assignee: Marek Posolda (mposolda@redhat.com)
            Reporter: Ramon Rockx (ramonrockx) (Inactive)
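The check this report asks for, sketched as an added example (not Keycloak's code and not part of the issue): response_type is treated as a space-delimited, order-independent set, as RFC 6749 section 3.1.1 defines it, so both token and id_token token resolve to the implicit flow, and only for a client that has it enabled. The function name, the implicit_enabled and standard_enabled switches, and the flow labels are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# response_type sets from RFC 6749 (code, token) and OpenID Connect Core.
FLOWS = {
    frozenset({"code"}): "authorization_code",
    frozenset({"token"}): "implicit",
    frozenset({"id_token"}): "implicit",
    frozenset({"id_token", "token"}): "implicit",
    frozenset({"code", "id_token"}): "hybrid",
    frozenset({"code", "token"}): "hybrid",
    frozenset({"code", "id_token", "token"}): "hybrid",
}

class InvalidRequest(ValueError):
    """Raised for a request the authorization endpoint must reject."""

def resolve_flow(auth_url, implicit_enabled, standard_enabled=True):
    """Map response_type to a flow; both flags are hypothetical client switches."""
    params = parse_qs(urlsplit(auth_url).query, keep_blank_values=True)
    values = params.get("response_type", [])
    if len(values) != 1:  # RFC 6749 section 3.1: no repeated parameters
        raise InvalidRequest("response_type must appear exactly once")
    parts = values[0].split(" ")
    requested = frozenset(parts)
    if "" in requested or len(requested) != len(parts):
        raise InvalidRequest("malformed response_type")
    flow = FLOWS.get(requested)  # set lookup: order of the values is irrelevant
    if flow is None:
        raise InvalidRequest("unsupported response_type")
    # Tokens go into the redirect fragment only for clients that opted in.
    if flow in ("implicit", "hybrid") and not implicit_enabled:
        raise InvalidRequest("implicit flow is disabled for this client")
    if flow in ("authorization_code", "hybrid") and not standard_enabled:
        raise InvalidRequest("standard flow is disabled for this client")
    return flow

# The request from the report (headers and the extra realm parameter omitted).
SWAGGER_URL = (
    "http://keycloak.test.mycompany.com/auth/realms/MYCOMPANY/protocol/"
    "openid-connect/auth?response_type=token&redirect_uri=http%3A%2F%2F"
    "api.test.mycompany.com%2Fo2c.html&client_id=swagger&scope=user"
    "&state=0.3514531705962982"
)
```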