Keycloak: Get authorization code in JSON?


Question

We are working on a student project. Our goal is to achieve that a user can authorize with an x509 certificate via Keycloak.

Actually, we cannot continue with receiving the authorization code in order to exchange it for a token request. Basically, we send an authorization code request and receive the authorization code by a URL parameter. But we would prefer to receive the authorization code in a JSON format. The access type of the client is set to public.

Can someone help us, please? Thank you.

Recommended answer

The authorization code flow is given in the URL because it is meant to survive a redirection to the Keycloak login page. You access the Keycloak login page using a client ID and a redirect URL to your application. Once the login is successful, the Keycloak server redirects to your app again, providing the authorization code appended in the URL itself. Then your app sends this code in order to get a token set, which is the one actually given in JSON format.

It's not possible to get the authorization code from a REST endpoint, because it is meant to follow a web browser flow. You could still use the direct access grant in order to log in the users directly with their credentials and obtain the token set. That is however considered to be a bit weaker.
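The flow described in this answer, as an added example (not part of the original answer and not Keycloak's own code): it builds the browser URL, reads the code from the redirect's query string, and prepares the token POST whose response is the JSON token set. The host, the realm `demo`, the client ID and the redirect URI are assumed values; the `state` check and PKCE parameters are additions beyond the answer, included because the client is public.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlsplit, parse_qs
# Assumed values for illustration; replace with your own deployment's.
BASE = "https://keycloak.example.test/realms/demo/protocol/openid-connect"
CLIENT_ID = "student-app"
REDIRECT_URI = "https://app.example.test/callback"

def new_pkce_pair():
    """Return (verifier, S256 challenge) as defined in RFC 7636."""
    verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

def build_auth_url(state, challenge):
    """URL the browser is sent to; Keycloak shows its login page here."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{BASE}/auth?{urlencode(params)}"

def extract_code(callback_url, expected_state):
    """Pull the authorization code out of the redirect's query string."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    returned = query.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch; discard this response")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def build_token_request(code, verifier):
    """(url, form fields) for the POST whose response is the JSON token set."""
    return f"{BASE}/token", {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
    }
```

The form fields are sent as `application/x-www-form-urlencoded` in a POST to the returned URL; that response, not the redirect, carries the JSON.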
