Documentation: Account linking #338
Comments
|
Yes I think this would be a good candidate for a new article in the documentation. The configuration in Keycloak is relatively complex, and it also requires some configuration in each of the identity providers (GitHub, GitLab, Bitbucket). Perhaps at least an article with links to the appropriate Keycloak documentation. |
|
Until that article is complete, there is documentation in Keycloak for configuring account linking (social login): https://www.keycloak.org/docs/latest/server_admin/index.html#social-identity-providers There may be some quirks to the configuration that are needed to successfully get account linking working. |
|
Thanks a lot! |
|
I tried but it doesn't work. I added roles indicated in the following documentation to my client apicurio, but no effect :( From Keycloak page http://<keycloak_host>/auth/realms//account/identity I am able to link my account on Github (it uses "account" client), but Apicurio page (it uses "apicurio" client), it doesn't work |
|
Here are some screenshots of the configuration I'm using in "studio.apicur.io". Note: for that installation users are able to link their GitHub account but cannot use it to authenticate. But hopefully this information will help: GitHub Identity Provider
Default Realm Roles
GitHub Settings (OAuth Apps)
|
|
Thanks a lot!!! |
|
I've updated the documentation to include information about account linking: https://apicurio-studio.readme.io/docs/setting-up-keycloak-for-use-with-apicurio |
|
Hi, Thanks a lot... Linking is done for now. However, I have again an issue. After linking, when I try to publish to Bitbucket, the request "/api-hub/accounts/Bitbucket/teams" returns an error 500 and nothing is displayed in console (stdout). Thanks |
|
Error 500 is definitely bad - when you receive that error does Apicurio show you an error page labeled Server Error Encountered? If so is there a Toggle Details button on the page? And if there is, can you click it and copy/paste the resulting stack trace here? |
|
Also, if the error does not result in an error page, can you check the browser's developer/javascript console for a reported error? Looking at the code, I'm guessing you don't get an error page, but you should have some error information in the javascript console. The relevant code is: // TODO handle an error in some way!
this.gettingTeams = false;
console.error(error);Skimping on error handling is never a good idea - sorry about this. :( |
|
Hi, behind a proxy or not, I get the same error:
|
|
Furthermore, from Postman GET on <kc_host>/auth/realms/beyond/broker/Bitbucket/token and from valid token, I get the error "Client [apicurio] not authorized to retrieve tokens from identity provider [Bitbucket]." |
|
After adding "read-token" role to apicurio client (not as default roles), it's work like a charm :D :D |
|
Again me :) I think, you don't implement retrieving of repositories that are on several pages. |
|
So first of all - nice job figuring out the read-token fix. I'm not sure why you needed to add that to the apicurio client if you added it as a default. I'm also not sure why it wasn't already set up if you imported the realm JSON file. But I'm glad it's working. As for your other issue (only listing 10 repositories) - that is a bug for sure (just checked the code). I've opened up a separate GH issue for this: #350 |
|
Thanks! We can close it ;) |
Hi,
That will be great if documentation is more complete by describing how configure our local keycloak instance to be able to link our accounts.
While, I added github as broker, currently, I have always a web page with "invalid request" message :(
Thx
The text was updated successfully, but these errors were encountered: