keycloak-scim/securing_apps/topics/oidc/java/params_forwarding.adoc


==== Parameters Forwarding

The {{book.project.name}}  initial authorization endpoint request has support for various parameters. Most of the parameters are described in
http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification]. Some parameters are added automatically by the adapter based
on the adapter configuration. However, there are also a few parameters that can be added on a per-invocation basis. When you open the secured application URI,
the particular parameter will be forwarded to the {{book.project.name}} authorization endpoint.

For example, if you request an offline token, then you can open the secured application URI with the `scope` parameter like:

[source]
----
http://myappserver/mysecuredapp?scope=offline_access
----

and the parameter `scope=offline_access` will be automatically forwarded to the {{book.project.name}} authorization endpoint.

The supported parameters are:

* scope

* prompt

* max_age

* login_hint

* kc_idp_hint

Most of the parameters are described in the http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification].
The only exception is parameter `kc_idp_hint`, which is specific to {{book.project.name}} and contains the name of the identity provider to automatically use.
For more information see the `Identity Brokering` section in {{book.project.doc_base_url}}{{book.project.doc_info_version_url}}{{book.adminguide.link}}[{{book.adminguide.name}}].
KEYCLOAK-3318 Documentation for parameters forwarding from adapter. More docs for prompt and max_age 2016-07-21 16:58:14 +00:00
			`==== Parameters Forwarding`

			`The {{book.project.name}} initial authorization endpoint request has support for various parameters. Most of the parameters are described in`
fixed hard-coded link issue, cleaned up wording, and added build script 2016-12-01 20:01:51 +00:00			`http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification]. Some parameters are added automatically by the adapter based`
			`on the adapter configuration. However, there are also a few parameters that can be added on a per-invocation basis. When you open the secured application URI,`
KEYCLOAK-3318 Documentation for parameters forwarding from adapter. More docs for prompt and max_age 2016-07-21 16:58:14 +00:00			`the particular parameter will be forwarded to the {{book.project.name}} authorization endpoint.`

fixed hard-coded link issue, cleaned up wording, and added build script 2016-12-01 20:01:51 +00:00			For example, if you request an offline token, then you can open the secured application URI with the `scope` parameter like:
KEYCLOAK-3318 Documentation for parameters forwarding from adapter. More docs for prompt and max_age 2016-07-21 16:58:14 +00:00
			`[source]`
			`----`
			`http://myappserver/mysecuredapp?scope=offline_access`
			`----`

			and the parameter `scope=offline_access` will be automatically forwarded to the {{book.project.name}} authorization endpoint.

fixed hard-coded link issue, cleaned up wording, and added build script 2016-12-01 20:01:51 +00:00			`The supported parameters are:`
KEYCLOAK-3318 Documentation for parameters forwarding from adapter. More docs for prompt and max_age 2016-07-21 16:58:14 +00:00
			`* scope`

			`* prompt`

			`* max_age`

			`* login_hint`

			`* kc_idp_hint`

			`Most of the parameters are described in the http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification].`
fixed hard-coded link issue, cleaned up wording, and added build script 2016-12-01 20:01:51 +00:00			The only exception is parameter `kc_idp_hint`, which is specific to {{book.project.name}} and contains the name of the identity provider to automatically use.
added variables for external URLs 2016-12-08 16:05:22 +00:00			For more information see the `Identity Brokering` section in {{book.project.doc_base_url}}{{book.project.doc_info_version_url}}{{book.adminguide.link}}[{{book.adminguide.name}}].