问题
Who knows how to obtain the id_token with Keycloak?
I have been working with Keycloak in Java (Spring, JEE) and postman.
The basics work fine but I need the id_token since there are some claims that they are not present in the access_token but they are present in the id_token.
Using the keycloak-core library I could obtain the Keycloak context, but the id_token attribute always is null.
Some idea?
回答1:
If you are using keycloak version 3.2.1, then below mail chain will help you. Hi All
I am using below curl command
curl -k https://IP-ADDRESS:8443/auth/realms/Test123/protocol/openid-connect/token -d "grant_type=client_credentials" -d "client_id=SURE_APP" -d "client_secret=ca3c4212-f3e8-43a4-aa14-1011c7601c67"
In the above command's response id_token is missing ,which is require for kong to tell who i am?
In my keycloak realm->client-> Full Scope Allowed ->True
Ok I found it we have to add
scope=openid
then only it will work
回答2:
In keycloak 2.x the id_token was inside the returned token object.
They removed it in keycloak 3.x.
just add to your request the following:
scope: "openid"
as listed below to retain the id_token
http://lists.jboss.org/pipermail/keycloak-user/2018-February/013170.html
回答3:
I had the same thing with Keycloak 3.4.3 version.
I added scope=openid to my request as Gal Margalit mentioned in his answer and it works.
Here is my request:
curl -X POST -H "Content-Type:application/x-www-form-urlencoded" -d "scope=openid" -d "grant_type=password" -d "client_id=test" -d "username=test@test.hr" -d "password=test" 'https://YOUR-DOMAIN/realms/test123/protocol/openid-connect/token'
来源:https://stackoverflow.com/questions/49322417/obtain-id-token-with-keycloak