Keycloak requires "offline_access" scope as well, unless it is forced by client or realm settings

InvictusMB
2026-01-29 19:57:18 +02:00
parent 41a3c493cb
commit fb2bbe3452

@@ -101,12 +101,15 @@ At the realm level
Or for a specific client in `Clients / Client details / Advanced / Advanced settings` you can find `Access Token Lifespan` and `Client Session Idle/Max`.
Server configuration, nothing specific just set:
Server configuration:
- `SSO_AUTHORITY=https://${keycloak_domain}/realms/${realm_name}`
- `SSO_SCOPES="email profile offline_access"`
- `SSO_CLIENT_ID`
- `SSO_CLIENT_SECRET`
**_NOTE:_** `offline_access` scope can be assigned by default at the client level in `Clients / Client details / Client scopes` or at the realm level in `Realm settings / Client scopes`, otherwise it must be requested explicitly via `SSO_SCOPES` in order for refresh tokens to work.
### Testing
If you want to run a testing instance of Keycloak the Playwright [docker-compose](https://github.com/dani-garcia/vaultwarden/blob/main/playwright/docker-compose.yml) can be used.
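Review bot: the list item `SSO_SCOPES="email profile offline_access"` presents the scope as unconditional, while the NOTE two lines later says it only has to be requested when `offline_access` is not already assigned by default at the client or realm level. Suggest putting the condition on the list item itself (for example "include `offline_access` unless it is a default client scope"), so a reader who copies only the list knows why the scope is there and when it can be dropped. The NOTE is also one long sentence whose "otherwise" is easy to misread; splitting it would help, e.g. "If it is not assigned by default, it must be requested explicitly via `SSO_SCOPES` for refresh tokens to work."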