-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OIDC confidential access type and Authorization Code Grant #235
Comments
To get a working OIDC configuration, you would need to make the following changes: -"openid_connect": {
+"oidc": {
- "provider_url": "http://localhost:8080/realms/iRODS/.well-known/openid-configuration",
+ "config_host": "localhost",
+ "port": 8080,
+ "well_known_uri": "/realms/iRODS",
"client_id": "irods",
"redirect_uri": "http://localhost:9000/irods-http-api/0.1.0/authenticate",
"state_timeout_in_seconds": 600,
- "irods_user_claim": "preferred_username"
} So your OIDC configuration, using your given values, would look like the following:
Both For documentation on HTTP API version 0.1.0, you can use the following link:
At the moment we only support public clients, but we are working on confidential client support using Client ID and Client Secret.
Yes, 0.1.0 is sensitive to the OIDC configuration you give. If there's something incorrect, it is likely to will encounter errors like this. |
OIDC confidential access type and Authorization Code Grant
Hello, I am testing the http api with keycloak. Is there a conf parameter that I can set in my
config.json
such that I can authenticate against an OpenID client with a pair (client_id, client_secret) as credentials? Is this a supported feature? Also, with the following conf in placeand a public (no secret) oicd client, if I try the following
I get the following error in the http api logs
keycloak v23.0.4
iRODS v4.3.1
irods-http-api v0.1.0
Do you know, by any chance, what I am doing wrong? Related to #139 and #165?
The text was updated successfully, but these errors were encountered: