CODEWITHSUNDEEP
oauth-2.0keycloakopenid-connect
Nicolas
Nicolas

Reputation: 1870

Get authorization code from Keycloak token endpoint

It is written in the keycloak documentation that the Token Endpoint can be used for obtaining a temporary code in the Authorization Code Flow or for obtaining tokens via the Implicit Flow, Direct Grants, or Client Grants.

But even with response_type=code , I can't get an authorization code: only a token. How can I do that?

My test request:

curl -X POST \
  http://localhost:8080/auth/realms/my-realm/protocol/openid-connect/token \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Host: localhost:8080' \
  -H 'Postman-Token: e103dff9-7b25-4f8f-886b-2af73efee561,e8f92a85-1489-4d7f-b89f-76cfe85e9c68' \
  -H 'User-Agent: PostmanRuntime/7.15.0' \
  -H 'accept-encoding: gzip, deflate' \
  -H 'cache-control: no-cache' \
  -H 'content-length: 94' \
  -d 'grant_type=password&username=login&password=pwd&client_id=my-app&response_type=code'

Source : https://www.keycloak.org/docs/latest/server_admin/index.html#keycloak-server-oidc-uri-endpoints

Upvotes: 2

Views: 21278

Answers (1)

Kohei TAMURA
Kohei TAMURA

Reputation: 5122

response_type can be only used in authorization request to authorization endpoint (http://localhost:8080/auth/realms/my-realm/protocol/openid-connect/auth) and it will be ignored in this case (in token request). Authorization code can be got from authorization endpoint as follows:

http://localhost:8080/auth/realms/my-realm/protocol/openid-connect/auth?client_id=my-ap&redirect_uri=https://...&response_type=code

See also: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1

Upvotes: 3

Related Questions