47 lines
No EOL
1.4 KiB
Text
47 lines
No EOL
1.4 KiB
Text
== Other OpenID Connect libraries
|
|
|
|
OAuth2 https://tools.ietf.org/html/rfc6749
|
|
OpenID Connect http://openid.net/connect/
|
|
|
|
|
|
=== Endpoints
|
|
|
|
TODO
|
|
|
|
=== Flows
|
|
|
|
==== Authorization Grant
|
|
|
|
==== Implicit
|
|
|
|
[[_resource_owner_password_credentials_flow]]
|
|
==== Resource Owner Password Credentials
|
|
|
|
==== Client Credentials
|
|
|
|
=== Redirect URIs
|
|
|
|
Keycloak provides two special redirect uris for installed applications.
|
|
|
|
[[_installed_applications_url]]
|
|
==== Installed Applications url
|
|
|
|
http://localhost
|
|
|
|
This returns the code to a web server on the client as a query parameter.
|
|
Any port number is allowed.
|
|
This makes it possible to start a web server for the installed application on any free port number without requiring changes in the `Admin Console`.
|
|
|
|
[[_installed_applications_urn]]
|
|
==== Installed Applications urn
|
|
|
|
`urn:ietf:wg:oauth:2.0:oob`
|
|
|
|
If its not possible to start a web server in the client (or a browser is not available) it is possible to use the special `urn:ietf:wg:oauth:2.0:oob` redirect uri.
|
|
When this redirect uri is used Keycloak displays a page with the code in the title and in a box on the page.
|
|
The application can either detect that the browser title has changed, or the user can copy/paste the code manually to the application.
|
|
With this redirect uri it is also possible for a user to use a different device to obtain a code to paste back to the application.
|
|
|
|
=== Session Management
|
|
|
|
=== Dynamic Client Registration |