密钥斗篷文档中写道,令牌端点可以用于在授权代码流中获取临时代码,或用于通过隐式流,直接授予或客户授予来获取令牌。
但是即使使用response_type = code,我也无法获得授权码:只有一个令牌。我该怎么办?
我的测试请求:
curl -X POST \
http://localhost:8080/auth/realms/my-realm/protocol/openid-connect/token \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Host: localhost:8080' \
-H 'Postman-Token: e103dff9-7b25-4f8f-886b-2af73efee561,e8f92a85-1489-4d7f-b89f-76cfe85e9c68' \
-H 'User-Agent: PostmanRuntime/7.15.0' \
-H 'accept-encoding: gzip, deflate' \
-H 'cache-control: no-cache' \
-H 'content-length: 94' \
-d 'grant_type=password&username=login&password=pwd&client_id=my-app&response_type=code'
来源:https://www.keycloak.org/docs/latest/server_admin/index.html#keycloak-server-oidc-uri-endpoints
答案 0 :(得分:2)
response_type仅可用于对授权端点(http://localhost:8080/auth/realms/my-realm/protocol/openid-connect/auth)的授权请求,在这种情况下(在令牌请求中)它将被忽略。可以从授权端点获取授权代码,如下所示: