Closed styk-tv closed 4 years ago
Hello, styk-tv Thank you for your contribution.
Would you please tell us your system info?
Ex. OS name, OS version, Keycloak version, and any more...
@sahya it's a dockerized Helm deployment based on codecentric/keycloak, currently running 7.2.0. Confirmation of Discord provider installation here: https://github.com/wadahiro/keycloak-discord/issues/3#issuecomment-602070504 Currently running v0.2.0, but also tried v0.3.0 on a test system without a difference.
I'm simply curious if anyone has tried to request a stored Discord token; it would be good to document the steps here, just to see if I missed a step perhaps, or whether there is an actual issue.
Hi Hiroyuki (@wadahiro)
Is there any chance you could find a spare few minutes to confirm above steps? To see if brokered token retrieval is possible for discord? Also, I don't care for specific version confirmation, if you figure it out just tell me what version you used and I will deploy that one to confirm. I think I might have missed a step maybe from the list, I'm assuming "store tokens" and "tokens readable" are inherited and processed by your code hence asking for someone to double check.
Many thanks.
I found similar problem stated here (not specific to Discord provider) https://keycloak.discourse.group/t/unable-to-retrieve-upstream-identity-providers-original-token/2267 can anyone please verify?
@styk-tv Sorry for my late response.
The error is produced here:
It means the authenticated user (access token) doesn't have 'read-token' permission. I think you need to setup a role to grant the permission.
Actually, it's unclear if this use case will work because I've never tried it.
@wadahiro @sahya many thanks guys. It was really as simple as adding scope "roles" into Assign Default Client Scopes in my OIDC client.
EDIT: therefore I can confirm that the Discord Provider, as is, integrates with Keycloak in a correct way, so retrieval of the original token is possible as per https://www.keycloak.org/docs/latest/server_admin/#retrieving-external-idp-tokens The only thing missing was the instruction above.
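As an added example (not code from this thread or from the keycloak-discord project), a small diagnostic that matches the resolution above: it decodes the Keycloak access token locally to check whether the broker client's read-token role actually made it into the token (which is what the missing "roles" client scope prevents), and only then calls the broker token endpoint, turning a 403 into a pointed error. The base URL, realm and alias are placeholders; the sample tokens are constructed.

```python
import base64
import json
import urllib.error
import urllib.request

# Decode a JWT payload WITHOUT verifying the signature. This is only a local
# diagnostic to see which roles Keycloak placed in the token; never use it to
# trust a token.
def jwt_claims(token: str) -> dict:
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

# The broker token endpoint requires the 'read-token' client role of the
# 'broker' client. If the 'roles' client scope is not assigned to the OIDC
# client, the role may be granted to the user yet never appear in the token.
def has_read_token(token: str) -> bool:
    roles = jwt_claims(token).get("resource_access", {}).get("broker", {}).get("roles", [])
    return "read-token" in roles

def broker_token_url(base_url: str, realm: str, alias: str) -> str:
    # Path as used in the thread (Keycloak 7.x still serves under /auth)
    return f"{base_url.rstrip('/')}/auth/realms/{realm}/broker/{alias}/token"

def fetch_broker_token(base_url: str, realm: str, alias: str, access_token: str) -> str:
    """Return the stored upstream (e.g. Discord) token, or raise with a diagnosis."""
    if not has_read_token(access_token):
        raise PermissionError("access token carries no broker/read-token role; "
                              "check that the client's default scopes include 'roles'")
    req = urllib.request.Request(broker_token_url(base_url, realm, alias),
                                 headers={"Authorization": f"Bearer {access_token}"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as e:
        if e.code == 403:
            raise PermissionError("403: role is in the token; verify 'Store tokens' and "
                                  "'Stored tokens readable' are on for the identity provider") from e
        raise

# Constructed sample tokens (header.payload.signature with a dummy signature)
def _make_token(claims: dict) -> str:
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

TOKEN_WITH_ROLE = _make_token({"resource_access": {"broker": {"roles": ["read-token"]}}})
TOKEN_WITHOUT_ROLE = _make_token({"preferred_username": "newuser"})
```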
I'm having issues retrieving stored tokens based on doc fragment below. I'm getting a message
Just as a checklist:
Trying brand new user: check
myclient / scope / client role / broker / assigned roles / read-token: check
Identity Providers / discord / store tokens / on
Identity Providers / discord / stored tokens readable / on
New user after login gets a Keycloak token; with this token I access the endpoint below.
Inspecting user / role mappings / client roles / broker / assigned roles / read-token: check
/auth/realms/master/broker/discord/token and 403 (above errorMessage)
At this point, I'm thinking maybe because it's a custom provider; has anyone tried to do this? Was your result a success? Any hints? Can we just double check this please?
Below excerpt from the doc: