How to allow refresh_token based user ip?

sdkim81 · July 10, 2024, 1:16am

Hello,

Is there any way to meet this requirement in keycloak?

Requirement : Service owner want to control user login based on origin IP.
e.g) protocol/openid-connect/auth , protocol/openid-connect/token

What I did for this requirement is,

Implement new SPI that check user IP.
Add this to Authentication flow > browser
==> Now I can control user login via oauth2 (authorization code) flow if user IP isn’t in allowed list.

But problem is, it doesn’t work when user try to get a new access token with refresh_token (grant_type = refresh_token).

Is there any way to insert custom execution for /token API?

Thank you in advance.

Topic		Replies	Views
Securing Token Endpoint by Client IPs Securing applications authentication , oidc	1	543	June 30, 2022
Limit login of a specific users from whitelist IP address Getting advice authentication	17	9583	October 8, 2021
SPI or API to inject custom logics while validating refresh tokens Extending the server oidc	0	449	March 19, 2021
User IP inside JWT Getting advice oidc	2	2247	August 20, 2020
Refresh identity provider token	0	700	May 19, 2022