8000 Improved consent handling in token exchange (OIDC to OIDC Client) · Issue #31797 · keycloak/keycloak · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Improved consent handling in token exchange (OIDC to OIDC Client) #31797
New issue
New issue
Closed as not planned
Closed as not planned
Improved consent handling in token exchange (OIDC to OIDC Client)#31797
Labels
area/token-exchangekind/enhancementCategorizes a PR related to an enhancementstatus/needs-discussionPR needs discussion on developer mailing listteam/core-clients
Milestone
 
26.2.0
@cgeorgilakis

Description

@cgeorgilakis
cgeorgilakis
opened on Jul 31, 2024

Description

For OIDC to OIDC Client token exchange, Keycloak ask for user consent based on target client.
However, token exchange is not a browser flow. So, user can not give any extra consent and 'INVALID_CLIENT' error maybe returned.
So, we propose to remove consent asked in token exchange.

We want clients executing token exchange to request consent in other OAuth flows. So, it is not a solution to disable consent in these clients.

Discussion

No response

Motivation

No response

Details

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/token-exchangekind/enhancementCategorizes a PR related to an enhancementstatus/needs-discussionPR needs discussion on developer mailing listteam/core-clients

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0