Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scope setting gets overwritten causing ID token not to be returned from Keycloak #39

Open
Kazhuu opened this issue Mar 27, 2023 · 3 comments · May be fixed by #40
Open

Scope setting gets overwritten causing ID token not to be returned from Keycloak #39

Kazhuu opened this issue Mar 27, 2023 · 3 comments · May be fixed by #40

Comments

@Kazhuu
Copy link
Contributor

Kazhuu commented Mar 27, 2023
edited
Loading

I noticed the version 1.5.1 of this gem added this #24 change. This change added request_phase method here. However what this is doing for me is that it's overwriting scope that I have set when configuring the provider like this:

    provider(:keycloak_openid,
             "client_id",
             "client_secret",
             name: "keycloak",
             scope: "openid", # <-- this line here!!!
             client_options: {
                 # Base url as empty, defaults to "/auth/..." base url.
                 base_url: "", site: "keycloak_url_here", realm: "test_realm"
             })

What is basically happening is the request_phase method is overwriting my scope with nil instead of "openid". This in turn causes Keycloak not to return ID token for me anymore.

I could provide a fix for this but not sure if I'm setting the scope correctly. Or could this be fixed in the gem to conditionally set value from request.params if it's nil? Maybe something along these lines:

def request_phase
  options.authorize_options.each do |key|
    options[key] = request.params[key.to_s] if options[key].nil?
  end
  super
end
@Kazhuu Kazhuu linked a pull request Mar 27, 2023 that will close this issue
Open
@a-gradina
Copy link

@ccrockett is it possible to merge #40 by Kazhuu? The problem is just as he described and we rely on his fork now.

@luisfagottani
Copy link

luisfagottani commented Mar 27, 2024
edited
Loading

Hey guys, we heave the same problem here! @ccrockett .

Happy birthday, btw 🥳

@whoisdan
Copy link

whoisdan commented Jul 2, 2024

Same issue here. Would be great if we can have it sorted out. Thanks! @ccrockett

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Conditionally set options from request.params if not set already Kazhuu/omniauth-keycloak
4 participants
@whoisdan @Kazhuu @luisfagottani @a-gradina