keycloak-scim/securing_apps/topics/oidc/java/params_forwarding.adoc

33 lines
1.3 KiB
Text
Raw Normal View History

==== Parameters Forwarding
2017-08-28 12:50:14 +00:00
The {project_name} initial authorization endpoint request has support for various parameters. Most of the parameters are described in
http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification]. Some parameters are added automatically by the adapter based
on the adapter configuration. However, there are also a few parameters that can be added on a per-invocation basis. When you open the secured application URI,
2017-08-28 12:50:14 +00:00
the particular parameter will be forwarded to the {project_name} authorization endpoint.
For example, if you request an offline token, then you can open the secured application URI with the `scope` parameter like:
[source]
----
http://myappserver/mysecuredapp?scope=offline_access
----
2017-08-28 12:50:14 +00:00
and the parameter `scope=offline_access` will be automatically forwarded to the {project_name} authorization endpoint.
The supported parameters are:
* scope
* prompt
* max_age
* login_hint
* kc_idp_hint
Most of the parameters are described in the http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification].
2017-08-28 12:50:14 +00:00
The only exception is parameter `kc_idp_hint`, which is specific to {project_name} and contains the name of the identity provider to automatically use.
For more information see the `Identity Brokering` section in link:{adminguide_link}[{adminguide_name}].