使用KeyCloak的OAuth2授权界面(OAuth2 authorization interface using KeyCloak)
我试图使用
KeyCloak
作为第三方应用程序支持的身份提供者服务。 这个想法是在KeyCloak
注册客户端应用程序,可信的客户端不需要授权批准,但应该有“不受信任”的客户端流程,例如OAuth 2.0规范中指定的显示用户授权界面。从我在文档中看到的情况来看 ,他们拥有相当不错的授权机制,可以用于后端。 但是,我没有看到任何方式为
/authorize
端点提供授权屏幕,如上所示。也许这可以是自定义创建的SPI或其他可用于实现此进一步移动的东西。 任何关于如何在
KeyCloak
实现的KeyCloak
? 是否有可以重复使用的内置功能或自定义方式实现?I'm trying to use
KeyCloak
as identity provider service for 3rd party applications support. The idea is to register the client application inKeyCloak
, trusted clients will not require this authorization approval, but there should be "untrusted" client flow, e.g. display user authorization interface as specified in OAuth 2.0 specification.From what I see in the docs, they have pretty good fine-grained authorization mechanisms which can be used for that on the backend. However I don't see any way to provide authorization screen for
/authorize
endpoint as shown above.Maybe this can be custom created SPI or something else which can be used for implementing this to move further. Any ideas of how this can be implemented in
KeyCloak
? Are there any built-in features which can be reused or custom way implementation?
原文:https://stackoverflow.com/questions/47187403