TNG / keycloak-mock

A Java library to test REST endpoints secured by Keycloak via OpenID connect.
Apache License 2.0

Issue with passing client_id #87

Closed choudharysuchi closed 3 years ago

choudharysuchi commented 3 years ago

Hi,

Invoking through UI: I am facing an issue passing client_id (which seems to be mandatory as a form param in TokenRoute.handlePasswordFlow, otherwise we get 400) programmatically to the TNG mock server while doing AuthzClient.create().authorization("username", "password").authorize(request). I tried checking this on the Keycloak side, and the only thing they are doing is adding the resource and secret (as client_id/client_secret) in the request header.

Is there any workaround for this?

Invoking through API: I updated the value of keycloak.auth-server-url in the configuration file to point to this mock server. Now when my server automatically calls with grant-type=client_credentials, 400 is returned. The code is not handling this scenario. Is there any specific reason for that?

Thanks

ostrya commented 3 years ago

It seems that the documentation of Keycloak (https://www.keycloak.org/docs/latest/securing_apps/index.html) only documents passing the client ID as a form parameter (which is how we implement it), but it does not explicitly document that for confidential clients, an extra authentication with client ID and client secret needs to be done as per the OAuth2 spec (https://datatracker.ietf.org/doc/html/rfc6749#section-4.3). This needs to be fixed on our side.
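
The two client-authentication methods ostrya refers to, as an added example (Python, not keycloak-mock's own Java code): a token endpoint that accepts the client either via the HTTP Basic `Authorization` header (RFC 6749 section 2.3.1, what Keycloak's AuthzClient sends) or via the `client_id`/`client_secret` form parameters, rejects requests that use both, and picks the status code RFC 6749 section 5.2 requires. The client registry, function names and sample credentials are constructed for the example.

```python
import base64
from urllib.parse import parse_qs, quote, unquote

# Constructed sample client registry: a secret of None marks a public client.
CLIENTS = {"my-client": "s3cr3t", "public-app": None}

def basic_header(client_id, client_secret):
    """Client side (RFC 6749 2.3.1): form-urlencode each part, join with ':', base64."""
    raw = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(raw.encode()).decode()

def _parse_basic(authorization):
    """Return (client_id, client_secret) from a Basic header, else None."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    client_id, sep, secret = decoded.partition(":")
    return (unquote(client_id), unquote(secret)) if sep and client_id else None

def resolve_client(headers, body):
    """Return (client_id, client_secret, method) for a token request, or raise
    ValueError carrying the OAuth2 error code. The header and the form
    parameters are alternatives; using both is forbidden (RFC 6749 2.3)."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    basic = _parse_basic(headers.get("Authorization"))
    form_id = form.get("client_id")
    if basic and ("client_secret" in form or (form_id and form_id != basic[0])):
        raise ValueError("invalid_request")   # two auth methods or two identities
    if basic:
        return basic[0], basic[1], "header"
    if form_id:
        return form_id, form.get("client_secret"), "form"
    raise ValueError("invalid_client")        # no client identified at all

def token_request_status(headers, body, clients=CLIENTS):
    """HTTP status the token endpoint should answer with for this request.
    RFC 6749 5.2: failed authentication via the Authorization header gets 401."""
    try:
        client_id, secret, method = resolve_client(headers, body)
    except ValueError:
        return 400                            # the 400 seen in this issue
    expected = clients.get(client_id, "")
    if client_id not in clients or (expected is not None and secret != expected):
        return 401 if method == "header" else 400
    return 200
```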

choudharysuchi commented 3 years ago

What about grant-type=client_credentials for TokenRoute.handle, when we are calling the mock server from the API in case of integration testing? Is it also planned for a fix? Many thanks

ostrya commented 3 years ago

For the client credentials flow, PR #85 is already in review.

xbmono commented 3 years ago

We really need this... Do you think the PR will be merged anytime soon? Thanks

ostrya commented 3 years ago

I think the fix for the password grant flow in #88 can be merged soon. If I find the time, I can also try to adapt #85 so it can be merged as well if @alexisgra has no time right now, but I cannot promise anything for this week.

ostrya commented 3 years ago

Should be fixed with release 0.9.0.