keycloak-scim/topics/oidc/oidc-generic.adoc
Stian Thorgersen 294312dc81 Re-structuring
2016-06-01 13:02:44 +02:00

46 lines
No EOL
1.3 KiB
Text

== Other OpenID Connect libraries
OAuth2 https://tools.ietf.org/html/rfc6749
OpenID Connect http://openid.net/connect/
=== Endpoints
TODO
=== Flows
==== Authorization Grant
==== Implicit
==== Resource Owner Password Credentials
==== Client Credentials
=== Redirect URIs
Keycloak provides two special redirect uris for installed applications.
[[_installed_applications_url]]
==== Installed Applications url
http://localhost
This returns the code to a web server on the client as a query parameter.
Any port number is allowed.
This makes it possible to start a web server for the installed application on any free port number without requiring changes in the `Admin Console`.
[[_installed_applications_urn]]
==== Installed Applications urn
`urn:ietf:wg:oauth:2.0:oob`
If its not possible to start a web server in the client (or a browser is not available) it is possible to use the special `urn:ietf:wg:oauth:2.0:oob` redirect uri.
When this redirect uri is used Keycloak displays a page with the code in the title and in a box on the page.
The application can either detect that the browser title has changed, or the user can copy/paste the code manually to the application.
With this redirect uri it is also possible for a user to use a different device to obtain a code to paste back to the application.
=== Session Management
=== Dynamic Client Registration