Hi
My Keycloak server settings:
OS : centos7
ver : keycloak-15.0.2
I connected and received the redirected Authorization Code.
(Code : 1b4ec447-021d-4212-9942-150ee6b69ea1.a99ca2c7-8b7e-4580-ac4a-b8f733a5112c.079f1b12-7a19-4cf7-84ee-77c9b50a7926)
Then I sent a request to receive the token.
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
Content-Length: 226
scope=openid&grant_type=authorization_code&client_id=Oauth2&client_secret=( client_secret)&code=code
Result:
{"access_token":"(jwt token value)","expires_in":300,"refresh_expires_in":1800,"refresh_token":"(jwt token value)","token_type":"Bearer","not-before-policy":0,"session_state":"(state)","scope":"profile email"}
There are access tokens and refresh tokens, but no id tokens.
In the official documentation, it is stated that in the case of Authorization Code Flows, access, refresh, and id tokens are all received. Am I missing something?
(2.5.3. Flows
Authorization Code
The Authorization Code flow redirects the user agent to Keycloak. Once the user has successfully authenticated with Keycloak an Authorization Code is created and the user agent is redirected back to the application. The application then uses the authorization code along with its credentials to obtain an Access Token, Refresh Token and ID Token from Keycloak.
The flow is targeted towards web applications, but is also recommended for native applications, including mobile applications, where it is possible to embed a user agent.
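
Added example, not part of the original post: the granted scope in the response above is "profile email" with no "openid", and in OpenID Connect the ID token is only issued when "openid" is requested at the authorization endpoint (the authorization_code token request has no scope parameter of its own). The sketch below builds such an authorization request and diagnoses a token response; the realm placeholder, redirect URI and function names are assumptions.

```python
import json
import secrets
from urllib.parse import urlencode

# Assumed for illustration: realm placeholder and redirect URI are not from the post.
AUTH_ENDPOINT = ("http://localhost:8080/auth/realms/REALM_PLACEHOLDER"
                 "/protocol/openid-connect/auth")

def build_authorization_url(client_id, redirect_uri, scopes=("openid", "profile", "email")):
    """Build the front-channel request; 'openid' here is what makes the flow OIDC."""
    if "openid" not in scopes:
        raise ValueError("without 'openid' the server treats this as plain OAuth 2.0")
    state = secrets.token_urlsafe(16)   # CSRF protection, checked on the redirect
    nonce = secrets.token_urlsafe(16)   # bound into the ID token, checked after exchange
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
    })
    return f"{AUTH_ENDPOINT}?{query}", state, nonce

def diagnose_token_response(body):
    """Explain why a token endpoint response does or does not carry an id_token."""
    resp = json.loads(body)
    granted = set(resp.get("scope", "").split())
    if "id_token" in resp:
        return "ok: id_token present"
    if "openid" not in granted:
        return ("no id_token: granted scope lacks 'openid'; request it at the "
                "authorization endpoint, not only in the token request")
    return "no id_token although 'openid' was granted: check client and server configuration"

# Constructed sample modelled on the response in the post (token values are placeholders).
SAMPLE = json.dumps({
    "access_token": "(jwt token value)", "expires_in": 300,
    "refresh_expires_in": 1800, "refresh_token": "(jwt token value)",
    "token_type": "Bearer", "not-before-policy": 0,
    "session_state": "(state)", "scope": "profile email",
})

if __name__ == "__main__":
    url, state, nonce = build_authorization_url("Oauth2", "http://localhost:3000/callback")
    print(url)
    print(diagnose_token_response(SAMPLE))
```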