Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
From what I can see we have been using the wrong endpoint for logging in. We have been using hte authorization_endpoint, not the token_endpoint. This became clear when testing nikita with keycloak. Digging a little more into the topic I found the following [description](https://www.ibm.com/docs/en/sva/9.0.5?topic=SSPREK_9.0.5/com.ibm.isam.doc/config/concept/OAuthEndpoints.htm). Here it states that: _Authorization endpoint_: An authorization URL where the resource owner grants authorization to the OAuth client to access the protected resource. https://server.oauth.com/mga/sps/oauth/oauth20/authorize _Token endpoint_: A token request URL where the OAuth client exchanges an authorization grant for an access token and an optional refresh token. https://server.oauth.com/mga/sps/oauth/oauth20/token This commit fixes this, but also changes the way the URL is built for logging in. The old approach of building the URL is not working with keycloak. I believe that the parameters should be in the body. I can't find the description that requires this to be in the body rather than the as query parameters, but the [following](https://connect2id.com/products/server/docs/api/token) is an example that requires the values in the body of a request.
- Loading branch information
