Replies: 3 comments
-
mod_auth_openidc does not support the device code flow, and there should be no need to as it can use the more appropriate web client based code flow |
Beta Was this translation helpful? Give feedback.
-
I have the same question, and I admit I don't understand how the proposed answer applies. I have a service behind an apache reverse proxy, and I use mod_auth_openidc to require authentication for that service, and to pass the authenticated principal's name to the service via a header, with the OIDCAuthNHeader directive. Some of the users of that service are humans with web browsers, but other users are machines or devices with limited interfaces, for which the device code flow seems like exactly the right thing. Is there something I can do to allow them to work in my arrangement? I've seen what seem to be many different terms for the same kind of flow, and perhaps "web client based code flow" in the response above refers to some kind of flow that's more appropriate for my use case than the device code flow I'm aiming at; of the options Keycloak provides, "device code" seemed best suited. What am I missing? |
Beta Was this translation helpful? Give feedback.
-
Perhaps I've gotten the idea correct, now. I can use the device code flow, or whatever flow I want, and obtain an access token from my identity provider. I can then add that access token to calls to my API, setting the |
Beta Was this translation helpful? Give feedback.
-
Hi,
does the mod_auth_openidc library also support the device code flow?
Regards,
Dirk
Beta Was this translation helpful? Give feedback.
All reactions