How to debug external IDP token


Björn Eickvonder

Sep 2, 2021, 10:53:02 AM
to Keycloak User
I've set up an OIDC identity provider to a customer IDP (actually it is a Keycloak as well). Now I have a problem: the customer is telling me that he sets a specific claim, but from my perspective it doesn't look like they do.
What is the easiest way to debug the brokered access/id token?

Björn

Thomas Darimont

Sep 2, 2021, 11:35:04 AM
to Björn Eickvonder, Keycloak User
Hi Björn,

depending on your IdP implementation take a look at: 
- org.keycloak.protocol.oidc.DefaultTokenExchangeProvider#exchangeExternalToken
- org.keycloak.protocol.oidc.DefaultTokenExchangeProvider#importUserFromExternalIdentity

The BrokeredIdentityContext encapsulates the information provided by the external IdP (backed by an OIDC IDToken, UserInfo etc.).

Cheers,
Thomas


Niko Köbler

Sep 3, 2021, 1:50:54 AM
to Keycloak User
You can also store the external tokens and retrieve them after authentication, like mentioned here in the docs: https://www.keycloak.org/docs/latest/server_admin/index.html#retrieving-external-idp-tokens

- Niko
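
Added example, not part of the original thread or of Keycloak's code: once "Store Tokens" is enabled and the stored external token JSON has been retrieved as the linked docs describe, this decodes the brokered tokens locally and reports which of them carries the disputed claim. The claim names, issuer URL and sample response are constructed assumptions.

```python
import base64
import json

def jwt_claims(token):
    """Decode a compact JWT's payload WITHOUT verifying the signature (debugging only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS; the IdP may issue opaque tokens")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def find_claim(broker_response, claim):
    """Return {token_name: value} for each stored external token that carries `claim`."""
    found = {}
    for name in ("access_token", "id_token"):
        token = broker_response.get(name)
        if not token:
            continue
        try:
            claims = jwt_claims(token)
        except ValueError:  # opaque token, bad base64 or bad JSON: nothing to inspect
            continue
        if claim in claims:
            found[name] = claims[claim]
    return found

def _constructed_jwt(claims):
    """Build a sample token with a dummy signature; stands in for what the customer IdP issued."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

# Constructed sample of the token JSON stored for an OIDC provider (all values hypothetical).
ISSUER = "https://idp.customer.example/realms/demo"
SAMPLE_RESPONSE = {
    "access_token": _constructed_jwt({"iss": ISSUER, "sub": "u-1"}),
    "id_token": _constructed_jwt({"iss": ISSUER, "sub": "u-1", "department": "finance"}),
    "token_type": "bearer",
}

if __name__ == "__main__":
    for claim in ("department", "cost_center"):  # hypothetical claim names
        hits = find_claim(SAMPLE_RESPONSE, claim)
        print(claim, "->", hits or "not present in any stored token")
```

Decode locally rather than in an online tool: the stored tokens are live credentials for the customer IdP.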

Björn Eickvonder

Sep 3, 2021, 8:41:22 AM
to Keycloak User
Hi Niko,
thanks, store external tokens works great for me.

Björn
