Keycloak

Форк
0
23 строки · 1.5 Кб
1

2
=== Retrieving external IDP tokens
3

4
{project_name} allows you to store tokens and responses from the authentication process with the external IDP.
5
For that, you can use the `Store Token` configuration option on the IDP's settings page.
6

7
Application code can retrieve these tokens and responses to pull in extra user information, or to securely invoke requests on the external IDP.
8
For example, an application might want to use the Google token to invoke on other Google services and REST APIs.
9
To retrieve a token for a particular identity provider you need to send a request as follows:
10

11
[source,subs="attributes+"]
12
----
13
GET {kc_realms_path}/{realm}/broker/{provider_alias}/token HTTP/1.1
14
Host: localhost:8080
15
Authorization: Bearer <KEYCLOAK ACCESS TOKEN>
16
----
17

18
An application must have authenticated with {project_name} and have received an access token.  This access token
19
will need to have the `broker` client-level role `read-token` set.  This means that the user must have a role mapping for this role
20
and the client application must have that role within its scope.
21
In this case, given that you are accessing a protected service in {project_name}, you need to send the access token issued by {project_name} during the user authentication.
22
In the broker configuration page you can automatically assign this role to newly imported users by turning on the `Stored Tokens Readable` switch.
23

24
These external tokens can be re-established by either logging in again through the provider, or using the client initiated account linking API.
25

26

27

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.