mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-03-25 11:19:21 -07:00
Keycloak requires "offline_access" scope as well, unless it is forced by client or realm settings
@@ -101,12 +101,15 @@ At the realm level
|
|||||||
|
|
||||||
Or for a specific client in `Clients / Client details / Advanced / Advanced settings` you can find `Access Token Lifespan` and `Client Session Idle/Max`.
|
Or for a specific client in `Clients / Client details / Advanced / Advanced settings` you can find `Access Token Lifespan` and `Client Session Idle/Max`.
|
||||||
|
|
||||||
Server configuration, nothing specific just set:
|
Server configuration:
|
||||||
|
|
||||||
- `SSO_AUTHORITY=https://${keycloak_domain}/realms/${realm_name}`
|
- `SSO_AUTHORITY=https://${keycloak_domain}/realms/${realm_name}`
|
||||||
|
- `SSO_SCOPES="email profile offline_access"`
|
||||||
- `SSO_CLIENT_ID`
|
- `SSO_CLIENT_ID`
|
||||||
- `SSO_CLIENT_SECRET`
|
- `SSO_CLIENT_SECRET`
|
||||||
|
|
||||||
|
**_NOTE:_** `offline_access` scope can be assigned by default at the client level in `Clients / Client details / Client scopes` or at the realm level in `Realm settings / Client scopes`, otherwise it must be requested explicitly via `SSO_SCOPES` in order for refresh tokens to work.
|
||||||
|
|
||||||
### Testing
|
### Testing
|
||||||
|
|
||||||
If you want to run a testing instance of Keycloak the Playwright [docker-compose](https://github.com/dani-garcia/vaultwarden/blob/main/playwright/docker-compose.yml) can be used.
|
If you want to run a testing instance of Keycloak the Playwright [docker-compose](https://github.com/dani-garcia/vaultwarden/blob/main/playwright/docker-compose.yml) can be used.
|
||||||
|
|||||||
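Review bot: The added `SSO_SCOPES="email profile offline_access"` bullet reads as unconditionally required, but the NOTE added a few lines below it says the scope only has to be requested explicitly when it is not already assigned by default at the client or realm level. Suggest qualifying the bullet (for example "only needed when `offline_access` is not a default client scope") or moving the NOTE directly under it so the two are read together. It would also help if the NOTE said which lifetime settings apply to the refresh token once `offline_access` is requested, since the unchanged line above the list only names `Access Token Lifespan` and `Client Session Idle/Max`.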