Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Keycloak >= Version 18 #695

Closed
coding-pagro opened this issue Jun 24, 2022 · 3 comments · Fixed by #708
Closed

Support Keycloak >= Version 18 #695

coding-pagro opened this issue Jun 24, 2022 · 3 comments · Fixed by #708
Assignees
@martincostello
Labels
enhancement
Milestone
6.0.9

Comments

@coding-pagro
Copy link

Keycloak changed their default url schema by removing the "auth" part of the url, which causes the Keycloak provider to break for any version >= 18.
Currently the "auth" part is hardcoded. I think this suboptimal, even for older versions. I'm using also keycloak 16 behind a reverse proxy and somehow ended up configured also in a configuration, where "auth" is not part of the url.

I would suggest a additional, nullable property "Path" with the default value "auth" (for backwards compability).
This would not only allow the Version 18 to work, but also other scenarios where Keycloak is hosted under a non out-of-the-box url.
@kevinchalet
Copy link
Member

kevinchalet commented Jun 24, 2022
edited
Loading

KeyCloak supports OpenID Connect discovery/OAuth 2.0 authorization server metadata so you'd get better results with either the MSFT OIDC handler or with the new OpenIddict client (https://kevinchalet.com/2022/06/22/openiddict-4-0-preview1-is-out/), that support dynamic configurations.

@coding-pagro
Copy link
Author

coding-pagro commented Jun 24, 2022
edited by kevinchalet
Loading

KeyCloak supports OpenID Connect discovery/OAuth 2.0 authorization server metadata so you'd get better results with either the MSFT OIDC handler or with the new OpenIddict client (https://kevinchalet.com/2022/06/22/openiddict-4-0-preview1-is-out/), that support dynamic configurations.

Thank you for your comment. I did already successful use Keycloak with the AddOpenIdConnect extension from Microsoft.
I just stumbled over AspNet.Security.OAuth.Providers as part of an example and I did no deep dive in comparing mechanism.
But I will also take a look at OpenIddict!

martincostello added a commit to martincostello/AspNet.Security.OAuth.Providers that referenced this issue Aug 20, 2022
@martincostello
Support Keycloak v18+
9d386e4 
Support changes to the resource paths in Keycloak 18.0+.
Resolves aspnet-contrib#695.
@martincostello martincostello mentioned this issue Aug 20, 2022
Merged
@martincostello martincostello self-assigned this Aug 20, 2022
@martincostello martincostello added this to the 6.0.9 milestone Aug 20, 2022
martincostello added a commit that referenced this issue Aug 20, 2022
@martincostello
Support Keycloak v18+
34e7b72 
Support changes to the resource paths in Keycloak 18.0+.
Resolves #695.
@martincostello
Copy link
Member

This fix is now available from NuGet.org in the 6.0.9 release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@martincostello martincostello

Labels
enhancement
Milestone
6.0.9
Development

Successfully merging a pull request may close this issue.

Support Keycloak v18+ martincostello/AspNet.Security.OAuth.Providers
3 participants
@martincostello @kevinchalet @coding-pagro