keycloak token validation

when flask-oidc send the token to introspect endpoint for token validation, keycloak responded with “Client not allowed”.

turned out this is due to the client Access Type, where it should be confidential.

after switch that from public to confidential, this should work

curl -v --data "client_secret=YOUR_SECRET9&client_id=product- 
app&username=user&token=YOUR_TOKEN" 
http://localhost:8080/auth/realms/springdemo/protocol/openid- 
connect/token/introspect

OIDC flows:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/auth-oidc
https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/11.2/en/Content/OIDC/OIDC.htm
Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s