owncloud-archive / sociallogin

GNU Affero General Public License v3.0

Use JBoss Keycloak as an OpenID Connect provider #2

Open eorlovsky opened 5 years ago

eorlovsky commented 5 years ago

Could you please help understand if we can use JBoss Keycloak as a database of users for Owncloud. In Keycloak we can create a Client and have openid-connect endpoints

[Two screenshots attached: "screen shot 2018-12-20 at 4:23:05 pm" and "screen shot 2018-12-20 at 4:23:17 pm"]
mmattel commented 5 years ago

https://github.com/owncloud/core/issues/33952 (Owncloud and Keycloak OpenID integration)

A possible solution path is described in https://github.com/owncloud/core/issues/33952#issuecomment-454031082

https://stackoverflow.com/questions/19293793/oauth-2-access-token-vs-openid-connect-id-token

mmattel commented 5 years ago

@PVince81 (Maybe a stupid) question: Is it possible to extend the code in a way that both access_token and idToken are used/available? https://github.com/owncloud/sociallogin/blob/c878ccf49100a36f74d47644112f685ef5262374/lib/Provider/CustomOpenIDConnect.php#L12

From the stackoverflow link above:

access_token is useful to call certain APIs in Auth0 (e.g. /userinfo) or an API you define in Auth0.
id_token is a JWT and represents the logged in user. It is often used by your app.

Is it possible to use both the access_token and the id_token for accessing the protected resources?

Not completely: first, you need to use id_token to log in;
second, you will get an accessToken;
last, use accessToken to access data.

Plus question: is id_token something that becomes empty when accessToken gets set (and vice versa)? Or is there a kind of precedence of one over another? Which would mean that it would be distinguishable which one to choose.
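The two-token flow quoted above (log in with the id_token, then call /userinfo with the access_token), as an added example that is not from this issue or from the sociallogin code. It assumes a client id `owncloud` and an issuer URL, and signs the sample id_token with a constructed HS256 secret so it can be checked offline; Keycloak signs id_tokens with RS256 by default, so a real client would verify against the realm's JWKS instead.

```python
import base64, hashlib, hmac, json

ISSUER = "https://keycloak.example/realms/demo"   # assumed realm issuer
CLIENT_ID = "owncloud"                              # assumed client id
# Constructed HS256 secret for an offline check; real Keycloak id_tokens are RS256 (use the JWKS).
SECRET = b"constructed-example-secret"

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_id_token(claims: dict) -> str:
    """Build an HS256 JWT; used only to construct the sample token response."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_id_token(token: str, nonce: str, now: int) -> dict:
    """Check signature, issuer, audience, expiry and nonce before trusting the claims."""
    head, body, sig = token.split(".")
    if json.loads(_b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # never let the token choose the algorithm
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now or claims.get("nonce") != nonce:
        raise ValueError("expired or nonce mismatch")
    return claims

def handle_token_response(resp: dict, nonce: str, now: int) -> dict:
    """Both tokens arrive together: the id_token identifies the user for login,
    the access_token is kept as the bearer credential for the /userinfo call."""
    claims = verify_id_token(resp["id_token"], nonce, now)
    return {"subject": claims["sub"], "username": claims.get("preferred_username"),
            "userinfo_auth_header": f"Bearer {resp['access_token']}"}

# Constructed token endpoint response in the shape Keycloak returns.
NOW = 1_545_300_000
SAMPLE_RESPONSE = {
    "access_token": "constructed-access-token", "token_type": "Bearer", "expires_in": 300,
    "id_token": make_id_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "f1e2d3", "exp": NOW + 300,
                               "nonce": "n-123", "preferred_username": "alice"}),
}
```

Neither token replaces the other: the response carries both, and the client keeps the access_token only for bearer calls after the id_token has passed every check.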

PVince81 commented 5 years ago

@DeepDiver1975 @karakayasemi

rowe42 commented 5 years ago

As said in the referenced issue above, I believe this issue can be closed.