{"id":46316,"date":"2022-03-23T10:10:58","date_gmt":"2022-03-23T01:10:58","guid":{"rendered":"https:\/\/www.creationline.com\/?p=46316"},"modified":"2022-03-17T18:47:06","modified_gmt":"2022-03-17T09:47:06","slug":"keycloak-%e3%81%a7-%e3%82%af%e3%83%a9%e3%82%a4%e3%82%a2%e3%83%b3%e3%83%88%e3%83%9d%e3%83%aa%e3%82%b7%e3%83%bc-fapi-%e3%82%92%e8%a9%a6%e3%81%99-with-pkce","status":"publish","type":"post","link":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316","title":{"rendered":"Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE"},"content":{"rendered":"<h2 id=\"1-%E7%9B%AE%E6%AC%A1\" class=\"code-line code-active-line\" data-line=\"2\">1. \u76ee\u6b21<a id=\"section1\"><\/a><\/h2>\n<ol>\n<li><a href=\"#section1\">\u76ee\u6b21<\/a><\/li>\n<li><a href=\"#section2\">\u6982\u8981<\/a><br \/>\n- <a href=\"#section2.1\">2.1 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240<\/a><br \/>\n- <a href=\"#section2.2\">2.2 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240<\/a><\/li>\n<li><a href=\"#section3\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u306f\u4f55\u304b<\/a><\/li>\n<li><a href=\"#section4\">FAPI \u3068\u306f\u4f55\u304b<\/a><\/li>\n<li><a href=\"#section5\">\u00a0\u691c\u8a3c\u74b0\u5883\u306b\u3064\u3044\u3066<\/a><br \/>\n- <a href=\"#section5.1\">5.1 \u30ec\u30eb\u30e0\u306e\u4f5c\u6210<\/a><br \/>\n- <a href=\"#section5.2\">5.2 \u30e6\u30fc\u30b6\u30fc\u306e\u4f5c\u6210<\/a><br \/>\n- <a href=\"#section5.3\">5.3 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u4f5c\u6210<\/a><\/li>\n<li><a href=\"#section6\">\u691c\u8a3c<\/a><br \/>\n- <a href=\"#section6.1\">6.1. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u306e\u9069\u7528\u524d\u306b\u3001\u8a8d\u53ef\u30b3\u30fc\u30c9\u30d5\u30ed\u30fc\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306e\u53d6\u5f97\u3057\u3066\u307f\u308b<\/a><br \/>\n- <a href=\"#section6.2\">6.2. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3067 FAPI1 Baseline \u306e\u9069\u7528<\/a><br \/>\n- <a href=\"#section6.3\">6.3. \"6.1\" \u3068\u540c\u3058\u6761\u4ef6\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3057\u3066\u307f\u308b<\/a><br \/>\n- <a href=\"#section6.4\">6.4. FAPI1 Baseline \u306b\u5bfe\u5fdc\u3055\u305b\u3066\u8a8d\u53ef\u30b3\u30fc\u30c9\u30d5\u30ed\u30fc\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306e\u53d6\u5f97<\/a><br \/>\n- <a href=\"#section6.5\">6.5. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3067 FAPI1 Advanced \u306e\u9069\u7528<\/a><br \/>\n- <a href=\"#section6.6\">6.6. \"6.4\" \u3068\u540c\u3058\u6761\u4ef6\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3057\u3066\u307f\u308b<\/a><\/li>\n<li><a href=\"#section7\">\u5f8c\u66f8\u304d<\/a><\/li>\n<\/ol>\n<ul>\n<li><a href=\"#what-is-pkce\">\u30b3\u30e9\u30e0: PKCE\u3068\u306f<\/a>\u00a0 (\u203b 6.4 \u306e section\u306e\u4e2d\u3067\u89e3\u8aac)\n<ul>\n<li><a href=\"#pkce-pre-conditions\">\u8a8d\u53ef\u30b3\u30fc\u30c9\u306e\u6a2a\u53d6\u308a\u653b\u6483\u304c\u767a\u751f\u3059\u308b\u6761\u4ef6<\/a><\/li>\n<li><a href=\"#pkce-terminology\">\u7528\u8a9e<\/a><\/li>\n<li><a href=\"#pkce-flow\">PKCE\u306e\u51e6\u7406\u306e\u6d41\u308c<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 id=\"2-%E6%A6%82%E8%A6%81\" class=\"code-line code-active-line\" data-line=\"22\">2. \u6982\u8981<a id=\"section2\"><\/a><\/h2>\n<p class=\"code-line \" data-line=\"23\">shiba \u30c1\u30fc\u30e0\u306e\u4e2d\u6751\u3067\u3059\u3002\u4eca\u56de\u306f Keycloak \u3067\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u304c\u5b9f\u969b\u306b\u3069\u3046\u52d5\u304f\u306e\u304b\u3068\u3044\u3046\u3053\u3068\u304c\u6c17\u306b\u306a\u3063\u305f\u306e\u3067\u3001\u7c21\u5358\u306b\u78ba\u8a8d\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<p class=\"code-line \" data-line=\"25\">Keycloak \u5074\u3067\u306e\u8a2d\u5b9a\u3084\u5b9f\u969b\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u3068\u30ec\u30b9\u30dd\u30f3\u30b9\u306e\u5909\u5316\u3092\u898b\u308b\u305f\u3081\u306b\u3001\u672c\u8cc7\u6599\u3067\u306f Financial-grade API Security Profile 1.0 \u306e Part 1: Baseline \u3068 Part 2: Advanced \u3092 Keycloak \u5074\u3067\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u3057\u3066\u8a2d\u5b9a\u3057\u3066\u691c\u8a3c\u3057\u3066\u307f\u307e\u3057\u305f\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"27\"><a title=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0-final.html\" href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0-final.html\" data-href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0-final.html\">Financial-grade API Security Profile 1.0 - Part 1: Baseline (\u203b Keycloak\u3067\u306e\u8a2d\u5b9a\u540d\u306f fapi-1-baseline)<\/a><\/li>\n<li class=\"code-line \" data-line=\"28\"><a title=\"https:\/\/openid.net\/specs\/openid-financial-api-part-2-1_0.html\" href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-2-1_0.html\" data-href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-2-1_0.html\">Financial-grade API Security Profile 1.0 - Part 2: Advanced (\u203b Keycloak\u3067\u306e\u8a2d\u5b9a\u540d\u306f fapi-1-advanced)<\/a><\/li>\n<\/ul>\n<p class=\"code-line \" data-line=\"30\">\u672c\u8cc7\u6599\u3067\u306f\u4ee5\u964d\u4e0b\u8a18\u306e\u3088\u3046\u306b\u7701\u7565\u3057\u3066\u8868\u8a18\u3057\u307e\u3059\u3002<\/p>\n<table>\n<thead>\n<tr>\n<th>\u540d\u79f0<\/th>\n<th>\u7565\u79f0<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Financial-grade API<\/td>\n<td>FAPI<\/td>\n<\/tr>\n<tr>\n<td>Financial-grade API Security Profile 1.0 - Part 1: Baseline<\/td>\n<td>FAPI1 Baseline<\/td>\n<\/tr>\n<tr>\n<td>Financial-grade API Security Profile 1.0 - Part 2: Advanced<\/td>\n<td>FAPI1 Advanced<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"code-line \" data-line=\"37\">\u4eca\u56de\u306f\u4f8b\u3068\u3057\u3066\u3001\u3088\u308a\u30b7\u30f3\u30d7\u30eb\u306b\u4e0b\u8a18\u306e\u30b1\u30fc\u30b9\u3092\u60f3\u5b9a\u3057\u3066\u8a66\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<table>\n<tbody>\n<tr>\n<td>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30bf\u30a4\u30d7<\/td>\n<td>\u30d1\u30d6\u30ea\u30c3\u30af (public)<\/td>\n<\/tr>\n<tr>\n<td>\u8a8d\u53ef\u30b0\u30e9\u30f3\u30c8<\/td>\n<td>\u8a8d\u53ef\u30b3\u30fc\u30c9<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"21-%E4%BB%8A%E5%9B%9E%E3%81%AE%E8%A8%98%E4%BA%8B%E3%81%A7%E8%AA%AC%E6%98%8E%E3%81%99%E3%82%8B%E7%AE%87%E6%89%80\" class=\"code-line\" data-line=\"44\">2.1 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240<a id=\"section2.1\"><\/a><\/h3>\n<p class=\"code-line\" data-line=\"45\">\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u4e3b\u306b\u4e0b\u8a18\u306e\u90e8\u5206\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line\" data-line=\"46\">Keycloak \u3067\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u65b9\u6cd5<\/li>\n<li class=\"code-line\" data-line=\"46\">Keycloak \u3067\u306e PKCE \u306e\u8a2d\u5b9a\u65b9\u6cd5<\/li>\n<li class=\"code-line\" data-line=\"46\">Keycloak \u3067\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u3057\u3066 FAPI1 Baseline \u53ca\u3073 FAPI1 Advanced \u3092\u8a2d\u5b9a\u3057\u305f\u6642\u306e\u30d1\u30d6\u30ea\u30c3\u30af\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u4f8b\u3068\u30ec\u30b9\u30dd\u30f3\u30b9\u4f8b<\/li>\n<\/ul>\n<h3 id=\"22-%E4%BB%8A%E5%9B%9E%E3%81%AE%E8%A8%98%E4%BA%8B%E3%81%A7%E8%AA%AC%E6%98%8E%E3%81%97%E3%81%AA%E3%81%84%E7%AE%87%E6%89%80\" class=\"code-line\" data-line=\"52\">2.2 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240<a id=\"section2.2\"><\/a><\/h3>\n<ul>\n<li class=\"code-line\" data-line=\"53\">FAPI \u306b\u95a2\u3059\u308b\u8a73\u7d30\u307e\u305f\u306f\u5168\u4f53\u7684\u306a\u8aac\u660e<\/li>\n<li class=\"code-line\" data-line=\"53\">Keycloak \u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3067\u660e\u78ba\u306a\u624b\u9806\u3068\u305d\u306e\u8a73\u7d30\u306a\u89e3\u8aac<\/li>\n<\/ul>\n<h2 id=\"3-%E3%82%AF%E3%83%A9%E3%82%A4%E3%82%A2%E3%83%B3%E3%83%88%E3%83%9D%E3%83%AA%E3%82%B7%E3%83%BC%E3%81%A8%E3%81%AF%E4%BD%95%E3%81%8B\" class=\"code-line code-active-line\" data-line=\"57\">3. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u306f\u4f55\u304b<a id=\"section3\"><\/a><\/h2>\n<p class=\"code-line \" data-line=\"58\">Keycloak<a title=\"https:\/\/www.keycloak.org\/2021\/06\/keycloak-1400-released.html\" href=\"https:\/\/www.keycloak.org\/2021\/06\/keycloak-1400-released.html\" data-href=\"https:\/\/www.keycloak.org\/2021\/06\/keycloak-1400-released.html\">14.0.0<\/a>\u306e\u30ea\u30ea\u30fc\u30b9\u3067\u516c\u5f0f\u306b\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u308b\u3088\u3046\u306b\u306a\u3063\u305f(\u4ee5\u524d\u306f\u30d7\u30ec\u30d3\u30e5\u30fc)\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306b\u95a2\u3059\u308b\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3078\u306e\u6e96\u62e0\u306a\u3069\u3092\u5bb9\u6613\u306b\u3059\u308b\u305f\u3081\u306e\u6a5f\u80fd\u3067\u3059\u3002\u3088\u308a\u308f\u304b\u308a\u3084\u3059\u304f\u30b7\u30f3\u30d7\u30eb\u306b\u8868\u73fe\u3059\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306a\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"60\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u69cb\u6210\u306b\u95a2\u3059\u308b\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u304c\u3067\u304d\u308b\u3002<\/li>\n<li class=\"code-line \" data-line=\"60\">\u30dd\u30ea\u30b7\u30fc\u306b\u3088\u308b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u69cb\u6210\u306e\u30c1\u30a7\u30c3\u30af\u304c\u3067\u304d\u308b\u3002<\/li>\n<li class=\"code-line \" data-line=\"60\">Financial-grade API(FAPI) \u306a\u3069\u306e\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3078\u306e\u6e96\u62e0\u304c\u3067\u304d\u308b\u3002\n<ul>\n<li class=\"code-line \" data-line=\"60\">\u30dd\u30ea\u30b7\u30fc\u306b\u3088\u308b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306a\u3069\u306e\u30c1\u30a7\u30c3\u30af\u304c\u3067\u304d\u308b\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<div>\n<div>\u672c\u8cc7\u6599\u3067\u306f\u3001FAPI1 Baseline \u3068\u3000FAPI1 Advanced \u3092\u30dd\u30ea\u30b7\u30fc\u3068\u3057\u3066\u8a2d\u5b9a\u3057\u3066\u3001\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30c1\u30a7\u30c3\u30af\u306e\u90e8\u5206\u3092\u4e3b\u306b\u898b\u3066\u3044\u304d\u307e\u3059\u3002<\/div>\n<p>\u307e\u305f\u3001\u53c2\u8003\u306b\u306a\u308a\u305d\u3046\u306a\u8cc7\u6599\u3068\u3057\u3066 <a title=\"https:\/\/secureoss-sig.connpass.com\/event\/222451\/\" href=\"https:\/\/secureoss-sig.connpass.com\/event\/222451\/\" data-href=\"https:\/\/secureoss-sig.connpass.com\/event\/222451\/\">OSS\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6280\u8853\u306e\u4f1a\u3000\u7b2c\u4e5d\u56de\u52c9\u5f37\u4f1a<\/a>\u00a0\u3067\u7530\u7551\u3055\u3093\u304c\u8a71\u3055\u308c\u3066\u3044\u305f\u3001<a title=\"https:\/\/fr.slideshare.net\/ssuserbeb7c0\/keycloak-fapi\" href=\"https:\/\/fr.slideshare.net\/ssuserbeb7c0\/keycloak-fapi\" data-href=\"https:\/\/fr.slideshare.net\/ssuserbeb7c0\/keycloak-fapi\">\u6700\u8fd1\u306eKeycloak\u306e\u3054\u7d39\u4ecb ~\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068FAPI~<\/a>\u00a0\u3068\u3044\u3046\u8cc7\u6599\u304c\u3042\u308a\u307e\u3059\u306e\u3067\u3001\u3088\u308a\u8208\u5473\u304c\u3042\u308b\u65b9\u306f\u3053\u3061\u3089\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<\/div>\n<h2 id=\"4-fapi-%E3%81%A8%E3%81%AF%E4%BD%95%E3%81%8B\" class=\"code-line\" data-line=\"68\">4. FAPI \u3068\u306f\u4f55\u304b<a id=\"section4\"><\/a><\/h2>\n<p class=\"code-line\" data-line=\"69\">FAPI(Financial-grade API)\u306f OpenID Foundation \u306e Financial-grade API \u30ef\u30fc\u30ad\u30f3\u30b0\u30b0\u30eb\u30fc\u30d7\u304c\u7b56\u5b9a\u3057\u3066\u3044\u308b\u6280\u8853\u4ed5\u69d8\u306e\u96c6\u307e\u308a\u3092\u6307\u3057\u307e\u3059\u3002<\/p>\n<p data-line=\"69\">\u3053\u306e\u30ef\u30fc\u30ad\u30f3\u30b0\u30b0\u30eb\u30fc\u30d7\u306f\u3001\u6a19\u6e96\u7684\u306a OAuth \u3084 OpenID Connect \u3067\u63d0\u4f9b\u3055\u308c\u308b\u3088\u308a\u3082\u9ad8\u3044\u30ec\u30d9\u30eb\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5fc5\u8981\u3068\u3059\u308b\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3068\u76f8\u4e92\u904b\u7528\u6027\u306b\u95a2\u3059\u308b\u5177\u4f53\u7684\u306a\u5b9f\u88c5\u30ac\u30a4\u30c9\u30e9\u30a4\u30f3\u3092\u63d0\u4f9b\u3059\u308b\u3053\u3068\u3092\u76ee\u7684\u3068\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p class=\"code-line\" data-line=\"73\">\u5143\u3005\u306f\u30aa\u30fc\u30d7\u30f3\u30d0\u30f3\u30ad\u30f3\u30b0\u95a2\u9023\u306e\u30b7\u30ca\u30ea\u30aa\u3067\u306e\u4f7f\u7528\u3092\u76ee\u7684\u3068\u3057\u3066\u3044\u307e\u3057\u305f\u304c\u3001\u73fe\u5728\u306f\u4ed6\u306e\u30e6\u30fc\u30b9\u30b1\u30fc\u30b9\u306b\u3082\u62e1\u5927\u3057\u3066\u304a\u308a\u3001\u5404\u7a2e\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u306f\u5e45\u5e83\u304f\u4f7f\u3048\u308b\u3082\u306e\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<div>\n<div>\u591a\u304f\u306e\u4ed5\u69d8\u306f\u307e\u3060\u30c9\u30e9\u30d5\u30c8\u72b6\u614b\u306a\u306e\u3067\u3059\u304c\u3001OpenIDFoundation \u306e\u6a19\u6e96\u306b\u5411\u3051\u305f\u30c9\u30e9\u30d5\u30c8\u3068\u3057\u3066\u306f\u4e0b\u8a18\u306e\uff12\u3064\u304c\u3042\u308a\u307e\u3059\u3002<\/div>\n<\/div>\n<ul>\n<li data-line=\"73\"><a href=\"https:\/\/bitbucket.org\/openid\/fapi\/src\/master\/Financial_API_WD_001.md\">Financial-grade API Security Profile 1.0 - Part 1: Baseline<\/a><\/li>\n<li data-line=\"73\"><a href=\"https:\/\/bitbucket.org\/openid\/fapi\/src\/master\/Financial_API_WD_002.md\">Financial-grade API Security Profile 1.0 - Part 2: Advanced<\/a><\/li>\n<\/ul>\n<p>\u305d\u306e\u4ed6\u306e\u4ed5\u69d8\u3068\u30b9\u30c6\u30fc\u30bf\u30b9\u306b\u3064\u3044\u3066\u306f<a href=\"https:\/\/openid.net\/wg\/fapi\/#status\">\u3053\u3061\u3089<\/a>\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<h2 id=\"5-%E6%A4%9C%E8%A8%BC%E7%92%B0%E5%A2%83%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6\" class=\"code-line\" data-line=\"75\">5. \u691c\u8a3c\u74b0\u5883\u306b\u3064\u3044\u3066<a id=\"section5\"><\/a><\/h2>\n<p class=\"code-line\" data-line=\"76\">\u4eca\u56de\u306e\u74b0\u5883\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a Docker Compose \u306e\u8a2d\u5b9a\u3092\u7528\u3044\u3066\u3001Keycloak \u306e 16.1.1 \u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u8a66\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"dockerfile\">version: '3.8'\r\nservices:\r\n  keycloak:\r\n    container_name: keycloak\r\n    image: jboss\/keycloak:16.1.1\r\n    command: -b 0.0.0.0\r\n    ports:\r\n      - \"8088:8080\"\r\n    environment:\r\n      KEYCLOAK_USER: admin\r\n      KEYCLOAK_PASSWORD: password<\/pre>\n<p class=\"code-line\" data-line=\"76\">\u691c\u8a3c\u306b\u5fc5\u8981\u306a\u30c7\u30fc\u30bf\u306f\u4e0b\u8a18\u306e\u901a\u308a\u3067\u3059\u3002<a href=\"http:\/\/localhost:8088\/auth\/admin\/\">\u7ba1\u7406\u753b\u9762<\/a>\u3092\u958b\u3044\u3066\u8a2d\u5b9a\u3057\u3066\u3044\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n<h3 id=\"51-%E3%83%AC%E3%83%AB%E3%83%A0%E3%81%AE%E4%BD%9C%E6%88%90\" class=\"code-line \" data-line=\"94\">5.1 \u30ec\u30eb\u30e0\u306e\u4f5c\u6210<a id=\"section5.1\"><\/a><\/h3>\n<p class=\"code-line \" data-line=\"95\">\u307e\u305a\u306f\u4efb\u610f\u306e<a title=\"https:\/\/keycloak-documentation.openstandia.jp\/master\/ja_JP\/server_admin\/index.html#_create-realm\" href=\"https:\/\/keycloak-documentation.openstandia.jp\/master\/ja_JP\/server_admin\/index.html#_create-realm\" data-href=\"https:\/\/keycloak-documentation.openstandia.jp\/master\/ja_JP\/server_admin\/index.html#_create-realm\">\u30ec\u30eb\u30e0\u306e\u4f5c\u6210<\/a>\u3092\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u30ec\u30eb\u30e0\u306e\u540d\u524d\u306f <strong>sample-realm<\/strong> \u3067\u4f5c\u6210\u3057\u307e\u3059\u3002\u4eca\u5f8c\u306e\u6587\u7ae0\u3067\u306f\u30ec\u30eb\u30e0\u306e Name \u3092 <strong>sample-realm<\/strong> \u3068\u3057\u3066\u8aac\u660e\u3057\u3066\u3044\u304f\u306e\u3067\u3001\u5fc5\u8981\u304c\u3042\u308c\u3070\u9069\u5b9c\u74b0\u5883\u306b\u5408\u308f\u305b\u3066\u8aad\u307f\u66ff\u3048\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3 id=\"52-%E3%83%A6%E3%83%BC%E3%82%B6%E3%83%BC%E3%81%AE%E4%BD%9C%E6%88%90\" class=\"code-line \" data-line=\"97\">5.2 \u30e6\u30fc\u30b6\u30fc\u306e\u4f5c\u6210<a id=\"section5.2\"><\/a><\/h3>\n<p class=\"code-line \" data-line=\"98\">\u6b21\u306b<a title=\"https:\/\/keycloak-documentation.openstandia.jp\/master\/ja_JP\/server_admin\/index.html#_create-new-user\" href=\"https:\/\/keycloak-documentation.openstandia.jp\/master\/ja_JP\/server_admin\/index.html#_create-new-user\" data-href=\"https:\/\/keycloak-documentation.openstandia.jp\/master\/ja_JP\/server_admin\/index.html#_create-new-user\">\u30e6\u30fc\u30b6\u30fc\u3092\u4f5c\u6210<\/a>\u3057\u307e\u3059\u3002\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f\u30e6\u30fc\u30b6\u30fc\u306e Username \u306f <strong>cl-taro<\/strong> \u00a0\u3067\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<p class=\"code-line \" data-line=\"100\">\u307e\u305f\u30d1\u30b9\u30ef\u30fc\u30c9\u3068\u3057\u3066 Temporary \u306e\u8a2d\u5b9a\u3092 OFF \u306b\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u5024\u3068\u3057\u3066<strong>password<\/strong>\u00a0\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n<h3 id=\"53-%E3%82%AF%E3%83%A9%E3%82%A4%E3%82%A2%E3%83%B3%E3%83%88%E3%81%AE%E4%BD%9C%E6%88%90\" class=\"code-line \" data-line=\"102\">5.3 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u4f5c\u6210<a id=\"section5.3\"><\/a><\/h3>\n<p class=\"code-line code-active-line\" data-line=\"114\">\u6b21\u306b<a title=\"https:\/\/keycloak-documentation.openstandia.jp\/master\/ja_JP\/server_admin\/index.html#oidc%E3%82%AF%E3%83%A9%E3%82%A4%E3%82%A2%E3%83%B3%E3%83%88\" href=\"https:\/\/keycloak-documentation.openstandia.jp\/master\/ja_JP\/server_admin\/index.html#oidc%E3%82%AF%E3%83%A9%E3%82%A4%E3%82%A2%E3%83%B3%E3%83%88\" data-href=\"https:\/\/keycloak-documentation.openstandia.jp\/master\/ja_JP\/server_admin\/index.html#oidc%E3%82%AF%E3%83%A9%E3%82%A4%E3%82%A2%E3%83%B3%E3%83%88\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u4f5c\u6210<\/a>\u3057\u307e\u3059\u3002\u4eca\u56de\u306e\u8a18\u4e8b\u3067\u306f Client ID \u3092 test-client \u3068\u3057 Client Protocol \u3092 openid-connect \u3067\u3042\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<p class=\"code-line \" data-line=\"105\">\u307e\u305f\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u4f5c\u6210\u5f8c\u306b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u8a2d\u5b9a\u3068\u3057\u3066\u3001\u4eee\u306e\u5024\u3068\u3057\u3066 Valid Redirect URIs \u306b<strong> https:\/\/client.example.com\/test<\/strong> \u3092\u767b\u9332\u3057\u3001\u8a8d\u53ef\u753b\u9762\u3092\u51fa\u3059\u305f\u3081\u306bConsent Required \u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3092 <strong>ON<\/strong> \u306b\u5909\u66f4\u3057\u3066\u304a\u3044\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<h2 id=\"6-%E6%A4%9C%E8%A8%BC%E3%81%97%E3%81%A6%E3%81%BF%E3%82%8B\" class=\"code-line \" data-line=\"107\">6. \u691c\u8a3c<a id=\"section6\"><\/a><\/h2>\n<p class=\"code-line \" data-line=\"108\">\u4eca\u56de\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u9806\u756a\u3067\u632f\u308b\u821e\u3044\u3092\u898b\u3066\u3044\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"110\">\n<p class=\"code-line \" data-line=\"110\">6.1. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u306e\u9069\u7528\u524d\u306b\u3001\u8a8d\u53ef\u30b3\u30fc\u30c9\u30d5\u30ed\u30fc\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306e\u53d6\u5f97\u3057\u3066\u307f\u308b<\/p>\n<\/li>\n<li class=\"code-line \" data-line=\"112\">\n<p class=\"code-line \" data-line=\"112\">6.2. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3067 FAPI1 Baseline \u306e\u9069\u7528<\/p>\n<\/li>\n<li class=\"code-line \" data-line=\"114\">\n<p class=\"code-line \" data-line=\"114\">6.3. \"6.1\" \u3068\u540c\u3058\u6761\u4ef6\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3057\u3066\u307f\u308b<\/p>\n<\/li>\n<li class=\"code-line \" data-line=\"116\">\n<p class=\"code-line \" data-line=\"116\">6.4. FAPI1 Baseline \u306b\u5bfe\u5fdc\u3055\u305b\u3066\u8a8d\u53ef\u30b3\u30fc\u30c9\u30d5\u30ed\u30fc\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306e\u53d6\u5f97<\/p>\n<\/li>\n<li class=\"code-line \" data-line=\"118\">\n<p class=\"code-line \" data-line=\"118\">6.5. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3067 FAPI1 Advanced \u306e\u9069\u7528<\/p>\n<\/li>\n<li class=\"code-line \" data-line=\"120\">\n<p class=\"code-line \" data-line=\"120\">6.6. \"6.4\" \u3068\u540c\u3058\u6761\u4ef6\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3057\u3066\u307f\u308b<\/p>\n<\/li>\n<\/ul>\n<h3 id=\"61-%E3%82%AF%E3%83%A9%E3%82%A4%E3%82%A2%E3%83%B3%E3%83%88%E3%83%9D%E3%83%AA%E3%82%B7%E3%83%BC%E3%81%AE%E9%81%A9%E7%94%A8%E5%89%8D%E3%81%AB%E8%AA%8D%E5%8F%AF%E3%82%B3%E3%83%BC%E3%83%89%E3%83%95%E3%83%AD%E3%83%BC%E3%81%A7%E3%82%A2%E3%82%AF%E3%82%BB%E3%82%B9%E3%83%88%E3%83%BC%E3%82%AF%E3%83%B3%E3%81%AE%E5%8F%96%E5%BE%97%E3%81%97%E3%81%A6%E3%81%BF%E3%82%8B\" class=\"code-line \" data-line=\"122\">6.1 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u306e\u9069\u7528\u524d\u306b\u3001\u8a8d\u53ef\u30b3\u30fc\u30c9\u30d5\u30ed\u30fc\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306e\u53d6\u5f97\u3057\u3066\u307f\u308b<a id=\"section6.1\"><\/a><\/h3>\n<p class=\"code-line \" data-line=\"123\">\u307e\u305a\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3092\u9069\u7528\u3059\u308b\u524d\u306b\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u3001\u8a8d\u53ef\u30b3\u30fc\u30c9\u30d5\u30ed\u30fc\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30f3\u3092\u53d6\u5f97\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<h4 id=\"611-%E3%81%BE%E3%81%9A%E3%81%AF%E8%AA%8D%E5%8F%AF%E3%82%A8%E3%83%B3%E3%83%89%E3%83%9D%E3%82%A4%E3%83%B3%E3%83%88%E3%81%AB%E8%AA%8D%E5%8F%AF%E3%83%AA%E3%82%AF%E3%82%A8%E3%82%B9%E3%83%88%E3%82%92%E9%80%81%E4%BF%A1\" class=\"code-line \" data-line=\"125\">6.1.1 \u307e\u305a\u306f\u8a8d\u53ef\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1<\/h4>\n<p class=\"code-line \" data-line=\"126\">\u4f8b\u793a\u3057\u305f Docker Compose \u306e\u8a2d\u5b9a\u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u306a\u308a\u307e\u3059\u3002\u30d6\u30e9\u30a6\u30b6\u3067\u3053\u3061\u3089\u306e<a title=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" data-href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\">\u30ea\u30f3\u30af<\/a>\u3092\u958b\u3044\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"205\"><a title=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https:\/\/client.example.com\/test\" data-href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\">http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https:\/\/client.example.com\/test<\/a><\/li>\n<\/ul>\n<p class=\"code-line \" data-line=\"128\">\u203b\u3000\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3092\u898b\u3084\u3059\u3044\u3088\u3046\u306b\u6539\u884c\u3059\u308b\u3068\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">http:\/\/localhost:8088\/auth\/realms\/samplerealm\/protocol\/openid-connect\/auth?\r\n    response_type=code\r\n    &amp;scope=openid email\r\n    &amp;client_id=test-client\r\n    &amp;state=abcdefghijk\r\n    &amp;redirect_uri=https:\/\/client.example.com\/test<\/pre>\n<h4 class=\"code-line \" data-line=\"128\">6.1.2 \u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u3078\u306e\u30ea\u30c0\u30a4\u30ec\u30af\u30c8<\/h4>\n<p>\u4e0a\u8a18\u306e\u30ea\u30f3\u30af\u3092\u30d6\u30e9\u30a6\u30b6\u3067\u958b\u304f\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306a\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u304c\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3055\u308c\u3066\u8868\u793a\u3055\u308c\u307e\u3059\u306e\u3067\u3001\u3053\u3053\u3067\u4f5c\u6210\u3057\u305f\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u3092\u5165\u529b\u3057\u307e\u3059\u3002<\/p>\n<table>\n<thead>\n<tr>\n<th>\u30d5\u30a3\u30fc\u30eb\u30c9\u540d<\/th>\n<th>\u5024<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\u30e6\u30fc\u30b6\u30fc\u540d<\/td>\n<td>cl-taro<\/td>\n<\/tr>\n<tr>\n<td>\u30d1\u30b9\u30ef\u30fc\u30c9<\/td>\n<td>password<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46628 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/76acb6736f201c957f849df8f4b0319a-1024x708.png\" alt=\"\" width=\"1024\" height=\"708\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/76acb6736f201c957f849df8f4b0319a-1024x708.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/76acb6736f201c957f849df8f4b0319a-360x249.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/76acb6736f201c957f849df8f4b0319a-768x531.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/76acb6736f201c957f849df8f4b0319a.png 1067w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h4 id=\"613-%E8%AA%8D%E5%8F%AF%E7%94%BB%E9%9D%A2%E3%81%AE%E8%A1%A8%E7%A4%BA\" class=\"code-line \" data-line=\"145\">6.1.3 \u8a8d\u53ef\u753b\u9762\u306e\u8868\u793a<\/h4>\n<p class=\"code-line \" data-line=\"146\">\u30ed\u30b0\u30a4\u30f3\u60c5\u5831\u3067\u5165\u529b\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3053\u3068\u3067\u8a8d\u53ef\u60c5\u5831\u3092\u78ba\u8a8d\u3059\u308b\u753b\u9762\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002 Yes \u3092\u62bc\u4e0b\u3057\u3066\u8a8d\u53ef\u60c5\u5831\u3092\u8a31\u53ef\u3059\u308b\u3053\u3068\u3068\u3057\u307e\u3059\u3002<\/p>\n<p data-line=\"146\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46629 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/cc07fa5bd3080a566508bc651b8285b2-1024x721.png\" alt=\"keycloak-grant-access-view\" width=\"1024\" height=\"721\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/cc07fa5bd3080a566508bc651b8285b2-1024x721.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/cc07fa5bd3080a566508bc651b8285b2-360x254.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/cc07fa5bd3080a566508bc651b8285b2-768x541.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/cc07fa5bd3080a566508bc651b8285b2.png 1065w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h4 id=\"614-%E3%83%AA%E3%83%80%E3%82%A4%E3%83%AC%E3%82%AF%E3%83%88%E3%83%9A%E3%83%BC%E3%82%B8%E3%81%B8%E7%A7%BB%E5%8B%95\" class=\"code-line \" data-line=\"149\">6.1.4 \u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u30da\u30fc\u30b8\u3078\u79fb\u52d5<\/h4>\n<div>\n<p class=\"code-line\" data-line=\"162\">\u8a8d\u53ef\u3092\u8a31\u53ef\u3059\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306a Redirect URI \u3078\u767b\u9332\u3057\u305f\u30da\u30fc\u30b8\u306b\u9077\u79fb\u3057\u307e\u3059\u3002\u4eca\u56de\u306e\u30b1\u30fc\u30b9\u3067\u306f\u4eee\u3067\u4f5c\u6210\u3057\u305f client.example.com\u00a0\u3068\u3044\u3046\u30b5\u30a4\u30c8\u306f\u5b9f\u5728\u3057\u306a\u3044\u306e\u3067\u4e0b\u8a18\u306e\u3088\u3046\u306a \u30a8\u30e9\u30fc\u753b\u9762\u306f\u51fa\u307e\u3059\u304c\u7121\u8996\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p data-line=\"162\">\u203b \u4e0b\u8a18\u753b\u50cf\u306f Google Chrome \u3067\u306e\u4f8b\u3067\u3059\u3002<\/p>\n<p data-line=\"162\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-49255 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/keycloak-redirect-error-1024x551.png\" alt=\"\" width=\"1024\" height=\"551\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/keycloak-redirect-error-1024x551.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/keycloak-redirect-error-360x194.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/keycloak-redirect-error-768x414.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/keycloak-redirect-error-1536x827.png 1536w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/keycloak-redirect-error.png 1686w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p class=\"code-line\" data-line=\"164\">\u30c8\u30fc\u30af\u30f3\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3078\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u4f7f\u3046\u305f\u3081\u3001 \u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u5f8c\u306e\u30d6\u30e9\u30a6\u30b6\u306e URL \u306e\u6b04\u304b\u3089\u3001code \u306e\u5024\u3092\u30e1\u30e2\u3057\u3066\u304a\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n<\/div>\n<ul>\n<li class=\"code-line \" data-line=\"152\">https:\/\/client.example.com\/test?state=abcdefghijk&amp;session_state=43d5774a-3708-4e7d-af12-95ae7089f345&amp;code=0d588770-5fed-4f9f-819e-a585b73883f1.43d5774a-3708-4e7d-af12-95ae7089f345.7adc7336-b65c-48cf-95b4-8505bec3741a<\/li>\n<\/ul>\n<div>\n<div>\n<div>\u4e0a\u8a18\u306e\u4f8b\u3067\u306f 0d588770-5fed-4f9f-819e-a585b73883f1.43d5774a-3708-4e7d-af12-95ae7089f345.7adc7336-b65c-48cf-95b4-8505bec3741a \u3068\u3044\u3046\u5024\u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<\/div>\n<\/div>\n<h4 id=\"615-%E3%83%88%E3%83%BC%E3%82%AF%E3%83%B3%E3%82%A8%E3%83%B3%E3%83%89%E3%83%9D%E3%82%A4%E3%83%B3%E3%83%88%E3%81%AB%E8%AA%8D%E5%8F%AF%E3%82%B3%E3%83%BC%E3%83%89%E3%82%92%E6%8F%90%E7%A4%BA%E3%81%97%E3%81%A6%E3%82%A2%E3%82%AF%E3%82%BB%E3%82%B9%E3%83%88%E3%83%BC%E3%82%AF%E3%83%B3%E3%81%AE%E5%8F%96%E5%BE%97\" class=\"code-line \" data-line=\"154\">6.1.5 \u30c8\u30fc\u30af\u30f3\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u8a8d\u53ef\u30b3\u30fc\u30c9\u3092\u63d0\u793a\u3057\u3066\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306e\u53d6\u5f97<\/h4>\n<p class=\"code-line \" data-line=\"155\">\u3067\u306f\u53d6\u5f97\u3057\u305f\u8a8d\u53ef\u30b3\u30fc\u30c9\u3092\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u306b\u542b\u307f\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306a CURL \u3092\u53e9\u3044\u3066\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">curl -i -X POST \\\r\n   -H \"Content-Type:application\/x-www-form-urlencoded\" \\\r\n   -d \"client_id=test-client\" \\\r\n   -d \"grant_type=authorization_code\" \\\r\n   -d \"code=0d588770-5fed-4f9f-819e-a585b73883f1.43d5774a-3708-4e7d-af12-95ae7089f345.7adc7336-b65c-48cf-95b4-8505bec3741a\" \\\r\n   -d \"redirect_uri=https:\/\/client.example.com\/test\" \\\r\n 'http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/token'<\/pre>\n<p class=\"code-line \" data-line=\"155\">\u4e0b\u8a18\u306e\u3088\u3046\u306b\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u304c\u53d6\u5f97\u3067\u304d\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">{\"access_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ4OWNPbWVhQmh5emZONHF5bk9veUlLdlM3WHJuOE1JMXA4M1RGa2hUTkVjIn0.eyJleHAiOjE2Mzc2NzMxMDIsImlhdCI6MTYzNzY3MjgwMiwiYXV0aF90aW1lIjoxNjM3NjcyNDg2LCJqdGkiOiJiYmI3NzljZS1lNTljLTRjNjMtYmUxNS1mNTQ5NTMzMGE0OGMiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODgvYXV0aC9yZWFsbXMvc2FtcGxlLXJlYWxtIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjQ0NTZlMDc3LTkwMmItNDMxZi1hMTIzLTM0ZWQ2OGZiNDk5OCIsInR5cCI6IkJlYXJlciIsImF6cCI6InRlc3QtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjQzZDU3NzRhLTM3MDgtNGU3ZC1hZjEyLTk1YWU3MDg5ZjM0NSIsImFjciI6IjAiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiZGVmYXVsdC1yb2xlcy1zYW1wbGUtcmVhbG0iLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsInNpZCI6IjQzZDU3NzRhLTM3MDgtNGU3ZC1hZjEyLTk1YWU3MDg5ZjM0NSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2wtdGFybyJ9.ZdL4TmhNFCT5SlSZ2T4d0_vziKYDdppApczEm8WczryHVzcLcIi2qH-wGl-vEW192dImoh_DMaKdzy6TUSY7Mg-z-LWLyeDpOBXuRZwzM6MbtzG1p3qB2j-NwsHeQgrnojwsSJTBqi0dr51odpFTYIqxvRD3-UT_WsmQqMux4LZBW9C9G_QKMo0jbple6ZjizK2hv4tUwT9a1adh-ROQO2s0oc9Xhi-N_Gf0Hmi5tgs7mvM8GN9IHzPx6MpbDG8PmVgHhXC_O_qe5jQQ56pmnJxvnUBICxkpdTxWfUbMSKv-v7R8KTa-uLP-56nRKIm02fHzfazTc6vAiu1EfAenbw\",\"expires_in\":300,\"refresh_expires_in\":1800,\"refresh_token\":\"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlOGE2ODM2NC0wMzIyLTRkZTMtYTQ4ZC0zMDE0NzRiZjliNmUifQ.eyJleHAiOjE2Mzc2NzQ2MDIsImlhdCI6MTYzNzY3MjgwMiwianRpIjoiMTgzNGJlNzQtZTk2NC00MWI4LWI5N2ItZGNkZWRjMWE5YTA2IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDg4L2F1dGgvcmVhbG1zL3NhbXBsZS1yZWFsbSIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9hdXRoL3JlYWxtcy9zYW1wbGUtcmVhbG0iLCJzdWIiOiI0NDU2ZTA3Ny05MDJiLTQzMWYtYTEyMy0zNGVkNjhmYjQ5OTgiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoidGVzdC1jbGllbnQiLCJzZXNzaW9uX3N0YXRlIjoiNDNkNTc3NGEtMzcwOC00ZTdkLWFmMTItOTVhZTcwODlmMzQ1Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsInNpZCI6IjQzZDU3NzRhLTM3MDgtNGU3ZC1hZjEyLTk1YWU3MDg5ZjM0NSJ9.DMpNbmmn88mtWIl-v9Sm8NFS359fMsgAtWnehmN_NGY\",\"token_type\":\"Bearer\",\"id_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ4OWNPbWVhQmh5emZONHF5bk9veUlLdlM3WHJuOE1JMXA4M1RGa2hUTkVjIn0.eyJleHAiOjE2Mzc2NzMxMDIsImlhdCI6MTYzNzY3MjgwMiwiYXV0aF90aW1lIjoxNjM3NjcyNDg2LCJqdGkiOiJlZjQxMzgyNC0yYzNlLTRjNjctYjMwNS03ODc1ZTM4ZTk4NjQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODgvYXV0aC9yZWFsbXMvc2FtcGxlLXJlYWxtIiwiYXVkIjoidGVzdC1jbGllbnQiLCJzdWIiOiI0NDU2ZTA3Ny05MDJiLTQzMWYtYTEyMy0zNGVkNjhmYjQ5OTgiLCJ0eXAiOiJJRCIsImF6cCI6InRlc3QtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjQzZDU3NzRhLTM3MDgtNGU3ZC1hZjEyLTk1YWU3MDg5ZjM0NSIsImF0X2hhc2giOiJfYmVHcTFUaWJ2bEduUE1xbExneFRnIiwiYWNyIjoiMCIsInNpZCI6IjQzZDU3NzRhLTM3MDgtNGU3ZC1hZjEyLTk1YWU3MDg5ZjM0NSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2wtdGFybyJ9.IhDVslkvWMRscvFY5D2xJrrO2YkPF6pAqeaFuuJgp7vwUWft_4hIx6f3qUWtAnIqTT1eU-bOy7nG_jBVTMR9ZHRQ91yIht95efYMqSscjT4xApO2h-JjpRbE31YoHG3jZDfEh5V9UNdqM1gsy9uSChvcFIKG0CnW7Uq3LBWJ8-HPcneUI-dz3C1OTQMEuIyC-19igPMT7w_WJD3-r91F3WdD9pZeoX0M7o8_yU9Y3wz7UWywpKEMs0pL3GvEKX3NvdCQoyhzw6W6jcJ81aeJU6YN1mN0G9xIYllsGzKQDdow-o1fOG8LWxn7nLv5cbjRSgOs0WCtmEGLnB0InuRevw\",\"not-before-policy\":0,\"session_state\":\"43d5774a-3708-4e7d-af12-95ae7089f345\",\"scope\":\"openid profile email\"}<\/pre>\n<h4>6.2. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3067 FAPI1 Baseline \u306e\u9069\u7528<a id=\"section6.2\"><\/a><\/h4>\n<p class=\"code-line \" data-line=\"173\">\u6b21\u306b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3092\u8a2d\u5b9a\u3057\u3066\u307f\u307e\u3059\u3002 \u4eca\u56de\u306f FAPI1 Baseline \u3092\u8a2d\u5b9a\u3057\u3066\u3044\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n<p class=\"code-line \" data-line=\"175\">Keycloak \u306e\u7ba1\u7406\u753b\u9762\u306e\u5de6\u5074\u306e\u30e1\u30cb\u30e5\u30fc\u9805\u76ee\u306e Realm Settings \u306b\u79fb\u52d5\u3057\u3001Client Policies \u306e\u30bf\u30d6\u3092\u958b\u304d\u307e\u3059\u3002\u4f8b\u793a\u3057\u305f Docker Compose \u306e\u8a2d\u5b9a\u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a<a title=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\" href=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\" data-href=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\">URL<\/a>\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"177\"><a title=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\" href=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\" data-href=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\">http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm<\/a><\/li>\n<\/ul>\n<p data-line=\"179\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46631 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/ef6e0456b0291f03791ea466202930a5-1024x717.png\" alt=\"\" width=\"1024\" height=\"717\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/ef6e0456b0291f03791ea466202930a5-1024x717.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/ef6e0456b0291f03791ea466202930a5-360x252.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/ef6e0456b0291f03791ea466202930a5-768x538.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/ef6e0456b0291f03791ea466202930a5-430x300.png 430w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/ef6e0456b0291f03791ea466202930a5.png 1072w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p class=\"code-line \" data-line=\"179\">\u3053\u306e\u753b\u9762\u306b\u306f Profiles \u3068 Policies \u306e\uff12\u3064\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p class=\"code-line \" data-line=\"181\">Profiles \u306f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u4f5c\u6210\u3084\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u8a8d\u8a3c\u306a\u3069\u306e\u632f\u308b\u821e\u3044\u306b\u5f37\u5236\u7684\u306b\u9069\u7528\u3055\u308c\u308b\u30a8\u30b0\u30bc\u30ad\u30e5\u30fc\u30bf\u30fc\u306e\u96c6\u307e\u308a\u3092\u8a2d\u5b9a\u3059\u308b\u9805\u76ee\u3067\u3059\u3002 Profiles \u306b\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u4e0b\u8a18\u306e\uff13\u3064\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"183\">fapi-1-baseline<\/li>\n<li class=\"code-line \" data-line=\"184\">fapi-1-advanced<\/li>\n<li class=\"code-line \" data-line=\"185\">fapi-ciba<\/li>\n<\/ul>\n<div>\n<div>\u6b21\u306b Policies \u306e\u30bf\u30d6\u3078\u79fb\u52d5\u3057\u307e\u3059\u3002Policies \u3068\u3044\u3046\u30bf\u30d6\u306b\u5207\u308a\u66ff\u3048\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306a\u753b\u9762\u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46632 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-policies-view-1024x728.png\" alt=\"\" width=\"1024\" height=\"728\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-policies-view-1024x728.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-policies-view-360x256.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-policies-view-768x546.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-policies-view.png 1069w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<\/div>\n<p class=\"code-line \" data-line=\"187\">Policies \u306f Profiles \u306b\u3042\u308b\u3088\u3046\u306a\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3092\u6307\u5b9a\u3057\u3066\u3001\u3055\u307e\u3056\u307e\u306a\u6761\u4ef6\u3068\u7d10\u4ed8\u3051\u308b\u8a2d\u5b9a\u3059\u308b\u9805\u76ee\u3067\u3059\u3002\u307e\u305a\u306f Create \u3092\u62bc\u3059\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306a\u753b\u9762\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<p data-line=\"187\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46634 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createpolicies-view-1024x719.png\" alt=\"\" width=\"1024\" height=\"719\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createpolicies-view-1024x719.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createpolicies-view-360x253.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createpolicies-view-768x539.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createpolicies-view.png 1067w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p class=\"code-line \" data-line=\"187\"><strong>\u00a0test-policy<\/strong> \u3068\u3044\u3046\u540d\u524d\u3092\u5165\u529b\u3057\u3066 Save \u3092\u62bc\u3057\u3066\u30dd\u30ea\u30b7\u30fc\u3092\u4f5c\u6210\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p class=\"code-line \" data-line=\"189\">\u30dd\u30ea\u30b7\u30fc\u3092\u4f5c\u6210\u3057\u305f\u6642\u70b9\u3067\u306f Conditions \u3068 Client Profiles \u306e\u3069\u3061\u3089\u3082\u8a2d\u5b9a\u3055\u308c\u3066\u304a\u308a\u307e\u305b\u3093\u3002<\/p>\n<p data-line=\"189\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46637 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createdpolicies-view-1024x723.png\" alt=\"\" width=\"1024\" height=\"723\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createdpolicies-view-1024x723.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createdpolicies-view-360x254.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createdpolicies-view-768x542.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createdpolicies-view.png 1072w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p class=\"code-line \" data-line=\"191\">\u3067\u306f\u307e\u305a Condition\u00a0\u304b\u3089\u8a2d\u5b9a\u3057\u3066\u3044\u304d\u307e\u3059\u3002 Condition\u00a0\u306f\u3069\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u63a1\u7528\u3059\u308b\u304b\u3084\u3001\u30dd\u30ea\u30b7\u30fc\u3092\u3044\u3064(\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u4f5c\u6210\u30fb\u66f4\u65b0\u6642 or \u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u6642\u306a\u3069)\u63a1\u7528\u3059\u308b\u304b\u3092\u6c7a\u5b9a\u3059\u308b\u305f\u3081\u306e\u8a2d\u5b9a\u3067\u3059\u3002\u307e\u305a\u306f Condition \u306e Create \u3092\u62bc\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p class=\"code-line \" data-line=\"193\">\u6700\u521d\u304b\u3089 <strong>any-client<\/strong> \u304c\u9078\u629e\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u3044\u307e\u306f\u305d\u306e\u307e\u307e Save \u3092\u62bc\u3057\u307e\u3059\u3002\u3053\u308c\u3067\u3053\u306e\u30ec\u30eb\u30e0\u306b\u5b58\u5728\u3059\u308b\u3059\u3079\u3066\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u5bfe\u3057\u3066\u3001\u3053\u306e\u30dd\u30ea\u30b7\u30fc\u304c\u6709\u52b9\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n<p data-line=\"193\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46636 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createcondition-view-1024x729.png\" alt=\"\" width=\"1024\" height=\"729\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createcondition-view-1024x729.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createcondition-view-360x256.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createcondition-view-768x547.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createcondition-view.png 1069w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p data-line=\"195\">\u4fdd\u5b58\u3055\u308c\u308b\u3068\u3001\u4e0b\u8a18\u306e\u753b\u50cf\u306e\u3088\u3046\u306b Condition \u306e\u6b04\u306b\u60c5\u5831\u304c\u8ffd\u52a0\u3055\u308c\u307e\u3059\u3002<\/p>\n<p data-line=\"195\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46638 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createdcondition-view-1024x723.png\" alt=\"\" width=\"1024\" height=\"723\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createdcondition-view-1024x723.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createdcondition-view-360x254.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createdcondition-view-768x543.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-createdcondition-view.png 1070w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p data-line=\"195\">\u3067\u306f\u6b21\u306b\u3001Client Profiles \u306e\u8a2d\u5b9a\u3092\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<p class=\"code-line \" data-line=\"197\">Add client profile... \u3068\u3044\u3046\u8868\u793a\u3092\u62bc\u3059\u3068\u3001\u9069\u7528\u3059\u308b Profile \u306e\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u308b\u306e\u3067\u3001\u4eca\u56de\u306f <strong>fapi-1-baseline<\/strong> \u3092\u9078\u629e\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p data-line=\"197\">\u8ffd\u52a0\u5f8c\u306e\u753b\u9762\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<p data-line=\"197\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46643 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-addedprofile-fapi1-baseline-view-1024x724.png\" alt=\"\" width=\"1024\" height=\"724\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-addedprofile-fapi1-baseline-view-1024x724.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-addedprofile-fapi1-baseline-view-360x254.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-addedprofile-fapi1-baseline-view-768x543.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-addedprofile-fapi1-baseline-view.png 1077w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h3 id=\"63%2261%22-%E3%81%A8%E5%90%8C%E3%81%98%E6%9D%A1%E4%BB%B6%E3%81%A7%E3%82%A2%E3%82%AF%E3%82%BB%E3%82%B9%E3%83%88%E3%83%BC%E3%82%AF%E3%83%B3%E3%81%AE%E5%8F%96%E5%BE%97%E3%81%97%E3%81%A6%E3%81%BF%E3%82%8B\" class=\"code-line \" data-line=\"199\">6.3.\"6.1\" \u3068\u540c\u3058\u6761\u4ef6\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3057\u3066\u307f\u308b<a id=\"section6.3\"><\/a><\/h3>\n<p class=\"code-line \" data-line=\"200\">6.2 \u306e\u8a2d\u5b9a\u3067\u3059\u3079\u3066\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u3001FAPI1 Baseline \u304c\u9069\u7528\u3055\u308c\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u3067\u306f\u78ba\u8a8d\u306e\u305f\u3081\u306b 6.1 \u3067\u884c\u3063\u305f\u3088\u3046\u306b\u8a8d\u53ef\u30b3\u30fc\u30c9\u30d5\u30ed\u30fc\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<h4 id=\"631-%E3%81%BE%E3%81%9A%E3%81%AF%E8%AA%8D%E5%8F%AF%E3%82%A8%E3%83%B3%E3%83%89%E3%83%9D%E3%82%A4%E3%83%B3%E3%83%88%E3%81%AB%E8%AA%8D%E5%8F%AF%E3%83%AA%E3%82%AF%E3%82%A8%E3%82%B9%E3%83%88%E3%82%92%E9%80%81%E4%BF%A1\" class=\"code-line \" data-line=\"202\">6.3.1 \u307e\u305a\u306f\u8a8d\u53ef\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1<\/h4>\n<p class=\"code-line \" data-line=\"203\">\u4f8b\u793a\u3057\u305f Docker Compose \u306e\u8a2d\u5b9a\u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u306a\u308a\u307e\u3059\u3002\u30d6\u30e9\u30a6\u30b6\u3067\u4e0b\u8a18\u306e<a title=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" data-href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\">URL<\/a>\u3092\u958b\u3044\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"205\"><a title=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" data-href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\">http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid email&amp;client_id=test-client&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest<\/a><\/li>\n<\/ul>\n<h4 id=\"632-%E3%83%AA%E3%83%80%E3%82%A4%E3%83%AC%E3%82%AF%E3%83%88%E5%85%88%E3%81%AE%E7%A2%BA%E8%AA%8D\" class=\"code-line \" data-line=\"207\">6.3.2 \u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u5148\u306e\u78ba\u8a8d<\/h4>\n<p class=\"code-line \" data-line=\"208\">6.1.2 \u306e\u6642\u306f\u3001\u30ed\u30b0\u30a4\u30f3\u30da\u30fc\u30b8\u3078\u306e\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3067\u3059\u304c\u3001\u4eca\u56de\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u30a8\u30e9\u30fc\u3092\u793a\u3059\u60c5\u5831\u3092\u542b\u3093\u3067 Redirect URI \u3078\u767b\u9332\u3057\u305f\u30da\u30fc\u30b8\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u3066\u304d\u3066\u3044\u308b\u306f\u305a\u3067\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"210\">https:\/\/client.example.com\/test?error=invalid_request&amp;error_description=Missing+parameter%3A+nonce&amp;state=abcdefghijk<\/li>\n<\/ul>\n<p class=\"code-line \" data-line=\"212\">\u3053\u306eURL\u306e\u30af\u30a8\u30ea\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3092\u30c7\u30b3\u30fc\u30c9\u3057\u3066\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u898b\u3066\u307f\u308b\u3068\u3001\u30ea\u30af\u30a8\u30b9\u30c8\u304c\u7121\u52b9\u3067\u3042\u3063\u305f\u3053\u3068\u3068\u30a8\u30e9\u30fc\u306e\u8aac\u660e\u3068\u3057\u3066\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u306e nonce \u304c\u8db3\u308a\u306a\u3044\u3068\u3044\u3046\u60c5\u5831\u304c\u308f\u304b\u308a\u307e\u3059\u3002<\/p>\n<table>\n<thead>\n<tr>\n<th>\u30d1\u30e9\u30e1\u30fc\u30bf\u540d<\/th>\n<th>\u5024<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>error<\/td>\n<td>invalid_request<\/td>\n<\/tr>\n<tr>\n<td>error_description<\/td>\n<td>Missing parameter: nonce<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"code-line \" data-line=\"219\">\u3067\u306f FAPI1 Baseline \u306b\u95a2\u9023\u3059\u308b\u8a18\u8ff0\u304c\u306a\u3044\u304b\u3092\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<p class=\"code-line \" data-line=\"221\">\u8a8d\u53ef\u30b5\u30fc\u30d0\u30fc\u306b\u5bfe\u3059\u308b\u8981\u6c42\u4e8b\u9805\u306e\u00a0<a title=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#client-requesting-openid-scope\" href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#client-requesting-openid-scope\" data-href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#client-requesting-openid-scope\">5.2.2.2. Client requesting openid scope<\/a>\u3092\u898b\u308b\u3068\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c openid \u3068\u3044\u3046\u30b9\u30b3\u30fc\u30d7\u3092\u8981\u6c42\u3057\u305f\u5834\u5408\u3001\u8a8d\u53ef\u30b5\u30fc\u30d0\u30fc\u306f nonce \u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3092\u8981\u6c42\u3057\u306a\u3051\u308c\u3070\u306a\u308a\u307e\u305b\u3093<\/p>\n<blockquote>\n<div>\n<div>If the client requests the openid scope, the authorization server<\/div>\n<div>1. shall require the nonce parameter defined in Section 3.1.2.1 of OIDC in the authentication request.<\/div>\n<\/div>\n<\/blockquote>\n<p class=\"code-line \" data-line=\"221\">\u307e\u305f\u3001public \u306a\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u95a2\u3059\u308b\u8981\u6c42\u4e8b\u9805\u306e\u00a0<a title=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#public-client\" href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#public-client\" data-href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#public-client\">5.2.3. Public client<\/a>\u3092\u898b\u308b\u3068\u3001nonce \u3092\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u306b\u542b\u3081\u308b\u3053\u3068\u304c\u5fc5\u8981\u3068\u3042\u308a\u307e\u3059\u3002<\/p>\n<blockquote>\n<div>\n<div>8. shall include the nonce parameter defined in Section 3.1.2.1 of OIDC in the authentication request.<\/div>\n<div><\/div>\n<\/div>\n<\/blockquote>\n<h4>6.4. FAPI1 Baseline \u306b\u5bfe\u5fdc\u3055\u305b\u3066\u8a8d\u53ef\u30b3\u30fc\u30c9\u30d5\u30ed\u30fc\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306e\u53d6\u5f97<a id=\"section6.4\"><\/a><\/h4>\n<p class=\"code-line \" data-line=\"236\">\u3067\u306f\u5148\u7a0b\u306e\u30b1\u30fc\u30b9\u3092\u30d9\u30fc\u30b9\u3068\u3057\u3066 FAPI1 Baseline \u306b\u5408\u308f\u305b\u305f\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u4f5c\u6210\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<h4 id=\"641-nonce%E3%82%92%E5%90%AB%E3%81%BF%E8%AA%8D%E5%8F%AF%E3%82%A8%E3%83%B3%E3%83%89%E3%83%9D%E3%82%A4%E3%83%B3%E3%83%88%E3%81%AB%E8%AA%8D%E5%8F%AF%E3%83%AA%E3%82%AF%E3%82%A8%E3%82%B9%E3%83%88%E3%82%92%E9%80%81%E4%BF%A1\" class=\"code-line \" data-line=\"238\">6.4.1 nonce\u3092\u542b\u307f\u8a8d\u53ef\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1<\/h4>\n<p class=\"code-line \" data-line=\"239\">\u5148\u7a0b\u306e\u30a8\u30e9\u30fc\u3067\u306f nonce \u304c\u8db3\u308a\u306a\u3044\u3068\u3044\u3046\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\u3060\u3063\u305f\u306e\u3067\u3001\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u306b nonce \u3092\u8ffd\u52a0\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002\u4f8b\u793a\u3057\u305f Docker Compose \u306e\u8a2d\u5b9a\u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a<a title=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" data-href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\">URL<\/a>\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"241\"><a title=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\" data-href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest\">http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest<\/a><\/li>\n<\/ul>\n<h4 id=\"642-%E3%83%AA%E3%83%80%E3%82%A4%E3%83%AC%E3%82%AF%E3%83%88%E5%85%88%E3%81%AE%E7%A2%BA%E8%AA%8D\" class=\"code-line \" data-line=\"243\">6.4.2 \u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u5148\u306e\u78ba\u8a8d<\/h4>\n<p class=\"code-line \" data-line=\"244\">\u4eca\u56de\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u30a8\u30e9\u30fc\u3092\u793a\u3059\u60c5\u5831\u3092\u542b\u3093\u3067 Redirect URI \u3078\u767b\u9332\u3057\u305f\u30da\u30fc\u30b8\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u3066\u304d\u3066\u3044\u308b\u306f\u305a\u3067\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"246\">https:\/\/client.example.com\/test?error=invalid_request&amp;error_description=Missing+parameter%3A+code_challenge_method&amp;state=abcdefghijk<\/li>\n<\/ul>\n<p class=\"code-line \" data-line=\"248\">\u3053\u306eURL\u306e\u30af\u30a8\u30ea\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3092\u30c7\u30b3\u30fc\u30c9\u3057\u3066\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u898b\u3066\u307f\u308b\u3068\u3001\u30ea\u30af\u30a8\u30b9\u30c8\u304c\u7121\u52b9\u3067\u3042\u3063\u305f\u3053\u3068\u3068\u30a8\u30e9\u30fc\u306e\u8aac\u660e\u3068\u3057\u3066\u5148\u7a0b\u3068\u306f\u9055\u3044\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u306e code_challenge_method \u304c\u8db3\u308a\u306a\u3044\u3068\u3044\u3046\u60c5\u5831\u304c\u308f\u304b\u308a\u307e\u3059\u3002<\/p>\n<table>\n<thead>\n<tr>\n<th>\u30d1\u30e9\u30e1\u30fc\u30bf\u540d<\/th>\n<th>\u5024<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>error<\/td>\n<td>invalid_request<\/td>\n<\/tr>\n<tr>\n<td>error_description<\/td>\n<td>Missing parameter: code_challenge_method<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"code-line \" data-line=\"255\">\u3067\u306f code_challenge_method \u306f\u4f55\u304b\u3068\u3044\u3046\u3068\u3001\u3053\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u306f\u00a0<a title=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636\" data-href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636\">RFC 7636<\/a>\u306e PKCE \u3068\u3044\u3046\u4ed5\u69d8\u3067\u4f7f\u3046\u30d1\u30e9\u30e1\u30fc\u30bf\u3067\u3059\u3002<\/p>\n<p class=\"code-line \" data-line=\"257\">\u3067\u306f FAPI1 Baseline \u306b\u95a2\u9023\u3059\u308b\u8a18\u8ff0\u304c\u306a\u3044\u304b\u3092\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<p class=\"code-line \" data-line=\"259\">\u8a8d\u53ef\u30b5\u30fc\u30d0\u30fc\u306b\u5bfe\u3059\u308b\u8981\u6c42\u4e8b\u9805\u306e<a title=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#authorization-server\" href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#authorization-server\" data-href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#authorization-server\">5.2.2. Authorization server<\/a>\u3092\u898b\u308b\u3068\u3001code challenge method \u3068\u3057\u3066 S256 \u3092\u6307\u5b9a\u3057\u305f RFC7636 \u3078\u306e\u5bfe\u5fdc\u304c\u5fc5\u8981\u3060\u3068\u308f\u304b\u308a\u307e\u3059\u3002<\/p>\n<blockquote>\n<div>\n<div>shall require RFC 7636 with S256 as the code challenge method;<\/div>\n<\/div>\n<\/blockquote>\n<p class=\"code-line \" data-line=\"259\">\u307e\u305f\u3001public \u306a\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u95a2\u3059\u308b\u8981\u6c42\u4e8b\u9805\u306e\u00a0<a title=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#public-client\" href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#public-client\" data-href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-1-1_0.html#public-client\">5.2.3. Public client<\/a>\u3092\u898b\u308b\u3068\u3001<a title=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636\" data-href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636\">RFC 7636<\/a>\u00a0= PKCE \u306e\u5bfe\u5fdc\u3068\u3001PKCE \u306e code challenge method \u3068\u3057\u3066 S256 \u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u304c\u8981\u6c42\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<blockquote>\n<div>\n<div>1. shall support RFC7636;<\/div>\n<div>2. shall use S256 as the code challenge method for the RFC7636;<\/div>\n<\/div>\n<\/blockquote>\n<h2 id=\"%E3%82%B3%E3%83%A9%E3%83%A0-pkce%E3%81%A8%E3%81%AF\" class=\"code-line \" data-line=\"272\">\u30b3\u30e9\u30e0: PKCE\u3068\u306f<a id=\"what-is-pkce\"><\/a><\/h2>\n<p class=\"code-line\" data-line=\"293\">PKCE(Proof Key for Code Exchange) \u306f\u30d4\u30af\u30b7\u30fc\u3068\u3082\u547c\u3070\u308c\u3001 OAuth 2.0 \u306e public \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u304a\u3051\u308b\u8a8d\u53ef\u30b3\u30fc\u30c9\u306e\u6a2a\u53d6\u308a\u653b\u6483(authorization code interception attack)\u3092\u8efd\u6e1b\u3059\u308b\u305f\u3081\u306e\u4ed5\u69d8\u3067\u3059\u3002<\/p>\n<p class=\"code-line\" data-line=\"293\">\u3053\u306e\u653b\u6483\u306f\u4e3b\u306b\u30b9\u30de\u30fc\u30c8\u30d5\u30a9\u30f3\u304c\u5bfe\u8c61\u3067\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u30ab\u30b9\u30bf\u30e0URI\u30b9\u30ad\u30fc\u30e0\u306e\u3088\u3046\u306b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u8d77\u52d5\u3059\u308b\u8a2d\u5b9a\u3092\u884c\u3063\u3066\u3044\u308b\u5834\u5408\u3001\u6b63\u898f\u306e\u30a2\u30d7\u30ea\u3068\u5168\u304f\u540c\u3058\u8a2d\u5b9a\u3092\u3057\u305f\u60aa\u610f\u3042\u308b\u30a2\u30d7\u30ea\u3092\u30b9\u30de\u30fc\u30c8\u30d5\u30a9\u30f3\u304c\u610f\u56f3\u305b\u305a\u958b\u3044\u3066\u3057\u307e\u3046\u3053\u3068\u3067\u3001\u8a8d\u53ef\u30b3\u30fc\u30c9\u304c\u60aa\u610f\u3042\u308b\u30a2\u30d7\u30ea\u306b\u6e21\u3063\u3066\u3057\u307e\u3046\u3068\u3044\u3046\u653b\u6483\u3067\u3059\u3002<\/p>\n<div>\n<div>\u56f3\u793a\u3059\u308b\u3068\u4e0b\u8a18\u306e\u90e8\u5206\u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-49321 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/authorization-code-interception-attack-1024x723.png\" alt=\"\" width=\"1024\" height=\"723\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/authorization-code-interception-attack-1024x723.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/authorization-code-interception-attack-360x254.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/authorization-code-interception-attack-768x542.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/02\/authorization-code-interception-attack.png 1040w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div>\n<div><\/div>\n<\/div>\n<div>\n<div>\u307e\u305f\u3001\u3053\u306e\u4ed5\u69d8\u306f\u8a8d\u53ef\u30b3\u30fc\u30c9\u3092\u9001\u4fe1\u3057\u305f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u3001\u30c8\u30fc\u30af\u30f3\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3057\u305f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u540c\u3058\u3067\u3042\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u305f\u3081\u306e\u4ed5\u69d8\u3067\u3001\u8a8d\u53ef\u30b3\u30fc\u30c9\u3092\u9001\u4fe1\u3057\u305f\u306e\u304c \"\u8ab0\u304b\" \u3068\u3044\u3046\u60c5\u5831\u306f\u4e00\u5207\u78ba\u8a8d\u3057\u306a\u3044\u70b9\u306b\u3054\u6ce8\u610f\u304f\u3060\u3055\u3044\u3002<\/div>\n<\/div>\n<h4 id=\"%E8%AA%8D%E5%8F%AF%E3%82%B3%E3%83%BC%E3%83%89%E3%81%AE%E6%A8%AA%E5%8F%96%E3%82%8A%E6%94%BB%E6%92%83%E3%81%8C%E7%99%BA%E7%94%9F%E3%81%99%E3%82%8B%E6%9D%A1%E4%BB%B6\" class=\"code-line code-active-line\" data-line=\"315\">\u8a8d\u53ef\u30b3\u30fc\u30c9\u306e\u6a2a\u53d6\u308a\u653b\u6483\u304c\u767a\u751f\u3059\u308b\u6761\u4ef6<a id=\"pkce-pre-conditions\"><\/a><\/h4>\n<p class=\"code-line \" data-line=\"278\">\u307e\u305f\u3001\u8a8d\u53ef\u30b3\u30fc\u30c9\u306e\u6a2a\u53d6\u308a\u653b\u6483\u306f\u3059\u3079\u3066\u306e\u30b1\u30fc\u30b9\u3067\u767a\u751f\u3059\u308b\u3082\u306e\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u4e0b\u8a18\u306e\u524d\u63d0\u3068\u306a\u308b\u6761\u4ef6\u3092\u6e80\u305f\u3059\u5834\u5408\u306b\u767a\u751f\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<ol>\n<li class=\"code-line code-line\" data-line=\"308\">\u653b\u6483\u3059\u308b\u4eba\u304c\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u7aef\u672b\u306b\u60aa\u610f\u306e\u3042\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u767b\u9332\u3057\u3001\u4ed6\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3067\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u30ab\u30b9\u30bf\u30e0URI\u30b9\u30ad\u30fc\u30e0\u3092\u767b\u9332\u3067\u304d\u3066\u3044\u308b\u3002<\/li>\n<\/ol>\n<ol start=\"2\">\n<li class=\"code-line code-line\" data-line=\"311\">\n<p class=\"code-line code-line\" data-line=\"311\">OAuth 2.0 \u306e\u8a8d\u53ef\u30b3\u30fc\u30c9\u30d5\u30ed\u30fc\u3092\u4f7f\u3063\u3066\u3044\u308b\u3002<\/p>\n<\/li>\n<li class=\"code-line code-line\" data-line=\"313\">\n<p class=\"code-line code-line \" data-line=\"313\">\u653b\u6483\u3059\u308b\u4eba\u304c\u6b63\u5f53\u306a\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e client_id \u3068 client_secret \u3092\u77e5\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3001\u307e\u305f\u306f\u6b63\u5f53\u306a\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u30d1\u30d6\u30ea\u30c3\u30af\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u3001 \u653b\u6483\u3059\u308b\u4eba\u304c client_id \u3092\u77e5\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002<\/p>\n<\/li>\n<li class=\"code-line code-line code-active-line\" data-line=\"316\">\n<p class=\"code-line code-line\" data-line=\"316\">\u653b\u6483\u3059\u308b\u4eba\u304c\u767b\u9332\u3057\u305f\u60aa\u610f\u3042\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306f\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u898b\u308b(\u77e5\u308b)\u3053\u3068\u304c\u3067\u304d\u308b\u3002<\/p>\n<p>\u307e\u305f\u3001\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u30ed\u30b0\u3092\u898b\u308b(\u77e5\u308b)\u3053\u3068\u304c\u3067\u304d\u308b\u5834\u5408\u306f\u3001code challenge method \u304c plane \u306e\u5834\u5408\u306f\u30ea\u30b9\u30af\u3092\u8efd\u6e1b\u3067\u304d\u306a\u3044\u3053\u3068\u306b\u6ce8\u610f\u304c\u5fc5\u8981\u3067\u3059\u3002code challenge method \u3068\u3057\u3066 S256 \u306e\u63a1\u7528\u3092\u691c\u8a0e\u304c\u5fc5\u8981\u3067\u3059\u3002<\/li>\n<\/ol>\n<h4 id=\"%E7%94%A8%E8%AA%9E\" class=\"code-line \" data-line=\"289\">\u7528\u8a9e<a id=\"pkce-terminology\"><\/a><\/h4>\n<p class=\"code-line \" data-line=\"290\">PKCE \u3092\u7406\u89e3\u3059\u308b\u305f\u3081\u306b\u4e0b\u8a18\u306e\u7528\u8a9e\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<table>\n<thead>\n<tr>\n<th>\u540d\u524d<\/th>\n<th>\u7528\u9014<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>code verifier<\/td>\n<td>\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3054\u3068\u306b\u52d5\u7684\u306b\u751f\u6210\u3059\u308b\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3002\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3068\u30c8\u30fc\u30af\u30f3\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u95a2\u9023\u3065\u3051\u308b\u305f\u3081\u306b\u4f7f\u7528<\/td>\n<\/tr>\n<tr>\n<td>code challenge<\/td>\n<td>code_verifier\u3092code challenge method\u3067\u5909\u63db\u3057\u305f\u5024\u3002\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u542b\u307e\u308c\u3001\u5f8c\u306b\u30c8\u30fc\u30af\u30f3\u30ea\u30af\u30a8\u30b9\u30c8\u6642\u306b\u691c\u8a3c\u306b\u4f7f\u7528\u3002<\/td>\n<\/tr>\n<tr>\n<td>code challenge method<\/td>\n<td>code challenge\u3092\u751f\u6210\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3055\u308c\u305f\u65b9\u6cd5\u3002plain(=\u5e73\u6587)\u304bS256(=sha256)\u306e\u3069\u3061\u3089\u304b\u3002<a title=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.2\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.2\" data-href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.2\">RFC 7636<\/a>\u00a0\u3067\u3082\u3042\u308b\u901a\u308a\u3001\u4f7f\u7528\u3067\u304d\u308b\u5834\u5408\u306fS256\u3092\u4f7f\u7528\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u305a\u3001\u306a\u3093\u3089\u304b\u306e\u6280\u8853\u7684\u306a\u7406\u7531\u3067S256\u304c\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u306a\u3044\u3053\u3068\u3092\u77e5\u3063\u3066\u3044\u308b\u5834\u5408\u306b\u9650\u308aplane\u306e\u4f7f\u7528\u304c\u8a31\u53ef\u3055\u308c\u308b\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4 id=\"pkce%E3%81%AE%E6%B5%81%E3%82%8C\" class=\"code-line \" data-line=\"297\">PKCE\u306e\u51e6\u7406\u306e\u6d41\u308c<a id=\"pkce-flow\"><\/a><\/h4>\n<div>\n<div>\u00a0PKCE \u306e\u3075\u308b\u307e\u3044\u306b\u3064\u3044\u3066\u3001\u7c21\u6613\u306a\u30b7\u30fc\u30b1\u30f3\u30b9\u3067\u8868\u73fe\u3059\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-49677\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/03\/pkce-sequence-989x1024.png\" alt=\"\" width=\"989\" height=\"1024\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/03\/pkce-sequence-989x1024.png 989w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/03\/pkce-sequence-348x360.png 348w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/03\/pkce-sequence-768x795.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2022\/03\/pkce-sequence.png 1202w\" sizes=\"auto, (max-width: 989px) 100vw, 989px\" \/><\/div>\n<div><\/div>\n<\/div>\n<ol>\n<li class=\"code-line\" data-line=\"333\">\n<p class=\"code-line\" data-line=\"333\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f code verifier \u3068\u547c\u3070\u308c\u308b\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3054\u3068\u306b\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n<li class=\"code-line\" data-line=\"335\">\n<p class=\"code-line\" data-line=\"335\">code verifier \u3092\u3000code challenge method \u3067\u5909\u63db\u3057\u3066\u3001code challenge \u3092\u6e96\u5099\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n<\/li>\n<li class=\"code-line\" data-line=\"337\">\n<p class=\"code-line\" data-line=\"337\">\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u306f code challenge \u3068\u3000code challenge method \u3092\u542b\u3081\u3066\u8a8d\u53ef\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n<li class=\"code-line\" data-line=\"339\">\n<p class=\"code-line\" data-line=\"339\">\u8a8d\u53ef\u30b5\u30fc\u30d0\u30fc\u306f code challenge \u3068\u3000code challenge method \u3092\u8a8d\u53ef\u30b3\u30fc\u30c9\u306b\u7d10\u4ed8\u3051\u3066\u4efb\u610f\u306e\u5834\u6240\u306b\u4fdd\u5b58\u3057\u3001\u8a8d\u53ef\u30b3\u30fc\u30c9\u3092\u8fd4\u5374\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n<li class=\"code-line\" data-line=\"341\">\n<p class=\"code-line\" data-line=\"341\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f\u30c8\u30fc\u30af\u30f3\u30ea\u30af\u30a8\u30b9\u30c8\u6642\u306b\u3001\u8a8d\u53ef\u30b3\u30fc\u30c9\u3068\u5171\u306b code verifier \u3092\u9001\u4fe1\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n<li class=\"code-line\" data-line=\"343\">\n<p class=\"code-line\" data-line=\"343\">\u8a8d\u53ef\u30b5\u30fc\u30d0\u30fc\u306f\u30ea\u30af\u30a8\u30b9\u30c8\u3067\u304d\u305f code verifier \u3092\u8a8d\u53ef\u30b3\u30fc\u30c9\u306b\u7d10\u3065\u3051\u3066\u4fdd\u5b58\u3057\u3066\u3044\u305f\u3001code challenge method \u3067\u5909\u63db\u3057\u3066\u3001\u305d\u306e\u5024\u304c code challenge \u3068\u4e00\u81f4\u3059\u308b\u304b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u3053\u3053\u3067\u4e00\u81f4\u3057\u306a\u3044\u5834\u5408\u306f\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3057\u305f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u3001\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u9001\u4fe1\u3057\u305f\u30af\u30e9\u30a2\u30f3\u30c8\u304c\u5225\u3060\u3068\u5224\u65ad\u3057\u3066\u30a8\u30e9\u30fc\u3092\u8fd4\u3057\u307e\u3059\u3002<\/p>\n<\/li>\n<\/ol>\n<div>\n<div>\u3067\u306f PKCE \u306e\u6d41\u308c\u3092\u30a4\u30e1\u30fc\u30b8\u3067\u304d\u305f\u3068\u3053\u308d\u3067\u3001\u5143\u306e\u51e6\u7406\u306b\u623b\u308a\u307e\u3057\u3087\u3046\u3002<\/div>\n<\/div>\n<h4 id=\"643-keycloak%E3%81%ABpkce%E3%81%AB%E5%AF%BE%E5%BF%9C%E3%81%95%E3%81%9B%E3%82%8B%E8%A8%AD%E5%AE%9A%E3%82%92%E8%A1%8C%E3%81%86\" class=\"code-line \" data-line=\"307\">6.4.3 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092PKCE\u306b\u5bfe\u5fdc\u3055\u305b\u308b\u8a2d\u5b9a\u3092\u884c\u3046<\/h4>\n<p class=\"code-line \" data-line=\"308\">PKCE \u306b\u5bfe\u5fdc\u3057\u305f\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3057\u3066\u307f\u307e\u3059\u3002 \u3057\u304b\u3057 Keycloak \u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f PKCE \u304c\u6709\u52b9\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u306e\u3067\u307e\u305a\u306f\u8a2d\u5b9a\u304b\u3089\u884c\u3063\u3066\u3044\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n<p class=\"code-line \" data-line=\"311\">Keycloak \u306e\u7ba1\u7406\u753b\u9762\u306e\u5de6\u5074\u306e\u30e1\u30cb\u30e5\u30fc\u9805\u76ee Client \u306e\u79fb\u52d5\u3057\u3001\u4f5c\u6210\u3057\u305f <strong>test-client<\/strong>\u3092\u62bc\u4e0b\u3057\u3066\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u8a2d\u5b9a\u3092\u958b\u304d\u307e\u3059\u3002<\/p>\n<p data-line=\"311\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46641 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-setting-testclient-view-1024x728.png\" alt=\"\" width=\"1024\" height=\"728\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-setting-testclient-view-1024x728.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-setting-testclient-view-360x256.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-setting-testclient-view-768x546.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-setting-testclient-view.png 1070w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p class=\"code-line \" data-line=\"311\">Setting \u30bf\u30d6\u304c\u958b\u304b\u308c\u3066\u3044\u308b\u72b6\u614b\u3067\u3001\u305d\u306e\u307e\u307e\u4e0b\u306b\u30c9\u30e9\u30c3\u30b0\u3057\u3066\u3001Advanced Settings \u3092\u958b\u304d\u307e\u3059\u3002<\/p>\n<div>\n<div>Proof Key for Code Exchange Code Challenge Method \u3068\u3044\u3046\u9805\u76ee\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u3053\u306e\u5024\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u753b\u50cf\u306e\u3088\u3046\u306b\u7a7a\u767d\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/div>\n<\/div>\n<div><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46642 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-setting-advanced-setting-view-1024x725.png\" alt=\"\" width=\"1024\" height=\"725\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-setting-advanced-setting-view-1024x725.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-setting-advanced-setting-view-360x255.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-setting-advanced-setting-view-768x544.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-setting-advanced-setting-view.png 1071w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div>\n<p class=\"code-line \" data-line=\"315\">\u3053\u306e\u30d5\u30a3\u30fc\u30eb\u30c9\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\uff13\u7a2e\u985e\u306e\u5024\u3092\u6307\u5b9a\u3067\u304d\u307e\u3059\u306e\u3067\u3001S256 \u3092\u9078\u629e\u3057\u3066 Save \u3092\u62bc\u4e0b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<table style=\"width: 100%;height: 139px\">\n<thead>\n<tr style=\"height: 23px\">\n<th style=\"height: 23px\">\u5024<\/th>\n<th style=\"height: 23px\">\u610f\u5473<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr style=\"height: 70px\">\n<td style=\"height: 70px\">(blank)<\/td>\n<td style=\"height: 70px\">\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304cPKCE\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3092Keycloak\u306e\u8a8d\u53ef\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u9069\u5207\u306b\u9001\u4fe1\u3057\u306a\u3044\u9650\u308a\u3001Keycloak\u306fPKCE\u3092\u9069\u7528\u3057\u307e\u305b\u3093\u3002\u3053\u308c\u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u3067\u3059\u3002<\/td>\n<\/tr>\n<tr style=\"height: 23px\">\n<td style=\"height: 23px\">S256<\/td>\n<td style=\"height: 23px\">\u30b3\u30fc\u30c9\u30fb\u30c1\u30e3\u30ec\u30f3\u30b8\u30fb\u30e1\u30bd\u30c3\u30c9\u3092S256\u3068\u3057\u3066PKCE\u3092\u9069\u7528\u3057\u307e\u3059<\/td>\n<\/tr>\n<tr style=\"height: 23px\">\n<td style=\"height: 23px\">plain<\/td>\n<td style=\"height: 23px\">\u30b3\u30fc\u30c9\u30fb\u30c1\u30e3\u30ec\u30f3\u30b8\u30fb\u30e1\u30bd\u30c3\u30c9\u3092plain\u3068\u3057\u3066PKCE\u3092\u9069\u7528\u3057\u307e\u3059<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4 id=\"644-pkce%E3%81%AB%E5%AF%BE%E5%BF%9C%E3%81%97%E3%81%9F%E8%AA%8D%E5%8F%AF%E3%83%AA%E3%82%AF%E3%82%A8%E3%82%B9%E3%83%88%E3%82%92%E9%80%81%E3%82%8B%E6%BA%96%E5%82%99\" class=\"code-line \" data-line=\"324\">6.4.4 PKCE\u306b\u5bfe\u5fdc\u3057\u305f\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u308b\u6e96\u5099<\/h4>\n<p class=\"code-line \" data-line=\"325\">\u3067\u306f\u5143\u306e\u51e6\u7406\u306b\u623b\u308a\u3001PKCE \u306b\u5bfe\u5fdc\u3057\u305f\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3059\u308b\u6e96\u5099\u3092\u3057\u307e\u3057\u3087\u3046\u3002 \u307e\u305a\u306f\u4efb\u610f\u306e code verifier \u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<p class=\"code-line \" data-line=\"328\"><a title=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.1\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.1\" data-href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.1\">RFC7636<\/a>\u306b\u3088\u308b\u3068 code verifier \u306f\u4e0b\u8a18\u306e\u6761\u4ef6\u3092\u6e80\u305f\u3059\u3082\u306e\u3067\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"329\">\u9577\u3055\u306f\uff14\uff13~\uff11\uff12\uff18\u6587\u5b57<\/li>\n<li class=\"code-line \" data-line=\"330\">\u4f7f\u7528\u53ef\u80fd\u6587\u5b57\u306f\u3001[A-Z] \/ [a-z] \/ [0-9] \/ \"-\" \/ \".\" \/ \"_\" \/ \"~\"<\/li>\n<\/ul>\n<p class=\"code-line \" data-line=\"332\">\u307e\u305f\u3001<a title=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.1\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.1\" data-href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.1\">RFC7636<\/a>\u306b\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u88dc\u8db3\u60c5\u5831\u3082\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<blockquote>\n<div>\n<div>NOTE: The code verifier SHOULD have enough entropy to make it<\/div>\n<div>impractical to guess the value. It is RECOMMENDED that the output of<\/div>\n<div>a suitable random number generator be used to create a 32-octet<\/div>\n<div>sequence. The octet sequence is then base64url-encoded to produce a<\/div>\n<div>43-octet URL safe string to use as the code verifier.<\/div>\n<\/div>\n<\/blockquote>\n<p class=\"code-line \" data-line=\"332\">\u4eca\u56de\u306f\u3053\u308c\u306b\u5f93\u3063\u3066\u3001\u9069\u5207\u306a\u4e71\u6570\u767a\u751f\u5668\u306e\u51fa\u529b\u3092\u4f7f\u7528\u3057\u3066\u3001\u30e9\u30f3\u30c0\u30e0\u306a\uff13\uff12\u6587\u5b57\u306e\u6587\u5b57\u5217\u3092\u4f5c\u6210\u3057\u3001base64URL \u3067\u30a8\u30f3\u30b3\u30fc\u30c9\u3092\u884c\u3044 code verifier \u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<p data-line=\"332\">\u4eca\u56de\u306f\u4e0b\u8a18\u306e\u30b3\u30de\u30f3\u30c9\u3067\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">$ openssl rand -base64 32 | tr '\/+' '_-' | tr -d '='\r\n09CgSwrVcqat4ZE6JXzWkIW9Ox61aX8rDY_oWcBWgkA<\/pre>\n<p class=\"code-line \" data-line=\"350\">\u3067\u306f\u6b21\u306b code challenge \u3092\u4f5c\u6210\u3057\u307e\u3059\u3002code challenge \u3092\u4f5c\u6210\u3059\u308b\u305f\u3081\u306e code challenge method \u306f FAPI1 Baseline \u306e\u8981\u6c42\u4e8b\u9805\u3068\u3057\u3066 S256 \u3092\u6307\u5b9a\u306b\u5f93\u3044 sha256 \u3068\u3057\u307e\u3059\u3002<a title=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.2\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.2\" data-href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7636#section-4.2\">RFC 7636<\/a>\u3069\u304a\u308a\u306b sha256 \u3067\u30cf\u30c3\u30b7\u30e5\u5316\u3057\u305f\u5f8c\u3001base64URL \u3067\u30a8\u30f3\u30b3\u30fc\u30c9\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n<blockquote>\n<div>\n<div>code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))<\/div>\n<\/div>\n<\/blockquote>\n<p class=\"code-line \" data-line=\"350\">\u30b3\u30de\u30f3\u30c9\u3067\u884c\u3046\u4f8b\u3092\u63d0\u793a\u3059\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">$ echo -n '09CgSwrVcqat4ZE6JXzWkIW9Ox61aX8rDY_oWcBWgkA' | openssl dgst -sha256 -binary | openssl base64 | tr '\/+' '_-' | tr -d '='\r\n\r\nx5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE<\/pre>\n<p class=\"code-line \" data-line=\"361\">\u3053\u308c\u3067 code verifier, code challenge, code challenge method \u306e\u5404\u5024\u304c\u63c3\u3044\u307e\u3057\u305f\u3002\u4eca\u56de\u306f\u4e0b\u8a18\u306e\u5024\u3092\u7528\u3044\u3066\u691c\u8a3c\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<table>\n<thead>\n<tr>\n<th>\u540d\u524d<\/th>\n<th>\u5024<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>code verifier<\/td>\n<td>09CgSwrVcqat4ZE6JXzWkIW9Ox61aX8rDY_oWcBWgkA<\/td>\n<\/tr>\n<tr>\n<td>code challenge<\/td>\n<td>x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE<\/td>\n<\/tr>\n<tr>\n<td>code challenge method<\/td>\n<td>S256<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4 id=\"645-pkce%E3%81%AB%E5%AF%BE%E5%BF%9C%E3%81%97%E3%81%9F%E8%AA%8D%E5%8F%AF%E3%83%AA%E3%82%AF%E3%82%A8%E3%82%B9%E3%83%88%E3%82%92%E9%80%81%E3%82%8B\" class=\"code-line \" data-line=\"369\">6.4.5 PKCE\u306b\u5bfe\u5fdc\u3057\u305f\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u308b<\/h4>\n<p class=\"code-line \" data-line=\"370\">\u3067\u306f PKCE \u306b\u5bfe\u5fdc\u3057\u305f\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u3063\u3066\u307f\u307e\u3057\u3087\u3046\u3002\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u306b code_challenge \u3068\u3001 code_challenge_method \u3092\u8ffd\u52a0\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002\u4f8b\u793a\u3057\u305f Docker Compose \u306e\u8a2d\u5b9a\u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u306f<a href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256\">\u4e0b\u8a18<\/a>\u306e\u3088\u3046\u306a\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"372\"><a title=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256\" href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256\" data-href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256\">http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256<\/a><\/li>\n<\/ul>\n<h4 id=\"646-%E3%83%AA%E3%83%80%E3%82%A4%E3%83%AC%E3%82%AF%E3%83%88%E3%83%9A%E3%83%BC%E3%82%B8%E3%81%B8%E7%A7%BB%E5%8B%95\" class=\"code-line \" data-line=\"374\">6.4.6 \u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u30da\u30fc\u30b8\u3078\u79fb\u52d5<\/h4>\n<p class=\"code-line \" data-line=\"375\">\u8a8d\u53ef\u306f\u65e2\u306b 6.1.3 \u306e\u6642\u70b9\u3067\u8a31\u53ef\u3055\u308c\u3066\u304a\u308a\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u8a8d\u8a3c\u306b\u3064\u3044\u3066\u3082\u30bb\u30c3\u30b7\u30e7\u30f3\u304c\u6b8b\u3063\u3066\u3044\u308b\u306e\u3067\u3001\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u305f\u5148\u3078\u79fb\u52d5\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"377\">https:\/\/client.example.com\/test?state=abcdefghijk&amp;session_state=b53f3214-c5bf-4a8b-b12c-c29b51f7d685&amp;code=a5f2b9cf-e9d3-41de-9f9f-93a15fde68a4.b53f3214-c5bf-4a8b-b12c-c29b51f7d685.3bd898d3-bb26-48fc-af88-44c6e2bcde57<\/li>\n<\/ul>\n<h4 id=\"647-%E3%83%88%E3%83%BC%E3%82%AF%E3%83%B3%E3%82%A8%E3%83%B3%E3%83%89%E3%83%9D%E3%82%A4%E3%83%B3%E3%83%88%E3%81%AB%E8%AA%8D%E5%8F%AF%E3%82%B3%E3%83%BC%E3%83%89%E3%82%92%E6%8F%90%E7%A4%BA%E3%81%97%E3%81%A6%E3%82%A2%E3%82%AF%E3%82%BB%E3%82%B9%E3%83%88%E3%83%BC%E3%82%AF%E3%83%B3%E3%81%AE%E5%8F%96%E5%BE%97\" class=\"code-line \" data-line=\"379\">6.4.7 \u30c8\u30fc\u30af\u30f3\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u8a8d\u53ef\u30b3\u30fc\u30c9\u3092\u63d0\u793a\u3057\u3066\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u306e\u53d6\u5f97<\/h4>\n<p class=\"code-line \" data-line=\"380\">\u3067\u306f\u53d6\u5f97\u3057\u305f\u8a8d\u53ef\u30b3\u30fc\u30c9\u3092\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u306b\u542b\u307f\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306a CURL \u30b3\u30de\u30f3\u30c9\u3092\u53e9\u3044\u3066\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">curl -i -X POST \\\r\n   -H \"Content-Type:application\/x-www-form-urlencoded\" \\\r\n   -d \"client_id=test-client\" \\\r\n   -d \"grant_type=authorization_code\" \\\r\n   -d \"code=a5f2b9cf-e9d3-41de-9f9f-93a15fde68a4.b53f3214-c5bf-4a8b-b12c-c29b51f7d685.3bd898d3-bb26-48fc-af88-44c6e2bcde57\" \\\r\n   -d \"redirect_uri=https:\/\/client.example.com\/test\" \\\r\n 'http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/token'<\/pre>\n<p class=\"code-line \" data-line=\"380\">\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u898b\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306a\u30a8\u30e9\u30fc(\u4e0b\u8a18\u306f\u4e00\u90e8\u7701\u7565)\u304c\u8fd4\u3063\u3066\u304d\u307e\u3059\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">HTTP\/1.1 400 Bad Request {\"error\":\"invalid_grant\",\"error_description\":\"PKCE code verifier not specified\"}<\/pre>\n<p class=\"code-line code-line \" data-line=\"415\">\u3053\u308c\u306f PKCE \u306e code verifier \u304c\u542b\u307e\u308c\u3066\u3044\u306a\u3044\u3053\u3068\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<table>\n<thead>\n<tr>\n<th>\u30d5\u30a3\u30fc\u30eb\u30c9\u540d<\/th>\n<th>\u5024<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>error<\/td>\n<td>invalid_grant<\/td>\n<\/tr>\n<tr>\n<td>error_description<\/td>\n<td>PKCE code verifier not specified<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"code-line \" data-line=\"380\">\u3067\u306f code verifier \u3092\u542b\u3093\u3067\u518d\u9001\u4fe1\u3059\u308b\u524d\u306b\u3001\u518d\u5ea6\u8a8d\u53ef\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u308a\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u305f\u5148\u304b\u3089\u8a8d\u53ef\u30b3\u30fc\u30c9\u3092\u53d6\u5f97\u3057\u3066\u304f\u3060\u3055\u3044<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"380\"><a title=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256\" href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256\" data-href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256\">http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256<\/a><\/li>\n<\/ul>\n<p class=\"code-line \" data-line=\"402\">\u4eca\u56de\u3082\u8a8d\u53ef\u306f\u65e2\u306b 6.1.3 \u306e\u6642\u70b9\u3067\u8a31\u53ef\u3055\u308c\u3066\u304a\u308a\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u8a8d\u8a3c\u306b\u3064\u3044\u3066\u3082\u30bb\u30c3\u30b7\u30e7\u30f3\u304c\u6b8b\u3063\u3066\u3044\u308b\u306e\u3067\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u305f\u5148\u3078\u79fb\u52d5\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line \" data-line=\"403\">https:\/\/client.example.com\/test?state=abcdefghijk&amp;session_state=b53f3214-c5bf-4a8b-b12c-c29b51f7d685&amp;code=48980fbe-e45e-4332-873a-e9da28f36787.b53f3214-c5bf-4a8b-b12c-c29b51f7d685.3bd898d3-bb26-48fc-af88-44c6e2bcde57<\/li>\n<\/ul>\n<p class=\"code-line \" data-line=\"405\">\u3067\u306f\u53d6\u5f97\u3057\u305f\u8a8d\u53ef\u30b3\u30fc\u30c9\u3068\u3001PKCE \u306e code verifier \u3092\u542b\u3093\u3067\u4e0b\u8a18\u306e\u3088\u3046\u306a CURL \u30b3\u30de\u30f3\u30c9\u3092\u53e9\u3044\u3066\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">curl -i -X POST \\\r\n   -H \"Content-Type:application\/x-www-form-urlencoded\" \\\r\n   -d \"client_id=test-client\" \\\r\n   -d \"grant_type=authorization_code\" \\\r\n   -d \"code=48980fbe-e45e-4332-873a-e9da28f36787.b53f3214-c5bf-4a8b-b12c-c29b51f7d685.3bd898d3-bb26-48fc-af88-44c6e2bcde57\" \\\r\n   -d \"code_verifier=09CgSwrVcqat4ZE6JXzWkIW9Ox61aX8rDY_oWcBWgkA\" \\\r\n   -d \"redirect_uri=https:\/\/client.example.com\/test\" \\\r\n 'http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/token'<\/pre>\n<p class=\"code-line \" data-line=\"405\">\u4e0b\u8a18\u306e\u3088\u3046\u306a\u30ec\u30b9\u30dd\u30f3\u30b9\u304c\u8fd4\u308a\u3001\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u304c\u53d6\u5f97\u3067\u304d\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u30d1\u30d6\u30ea\u30c3\u30af\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u8a8d\u53ef\u30b3\u30fc\u30c9\u3092\u7528\u3044\u305f\u30b1\u30fc\u30b9\u306b\u304a\u3044\u3066\u3001FAPI1 Baseline \u306b\u6e96\u62e0\u3057\u305f\u30ea\u30af\u30a8\u30b9\u30c8\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3067\u304d\u308b\u3068\u3053\u308d\u307e\u3067\u306f\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">{\"access_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJHSHJ1c1NhU25SMmFrY2x2bG1lTTdXTzdXTUUwZlBveVYtSlpwb1NYT2hZIn0.eyJleHAiOjE2MzY4OTQ0OTksImlhdCI6MTYzNjg5NDE5OSwiYXV0aF90aW1lIjoxNjM2ODkyODI3LCJqdGkiOiI1ODdmZjM4Ny1iNjJiLTQ2ZDAtYWRmYS0xNWMyODBlMDYxYTMiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODgvYXV0aC9yZWFsbXMvc2FtcGxlLXJlYWxtIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjBiNDVlNWQ0LTk2MTEtNGM4NS04NjNmLTAyYjU2NWRmY2IwMiIsInR5cCI6IkJlYXJlciIsImF6cCI6InRlc3QtY2xpZW50Iiwibm9uY2UiOiJhYmNkZWZnaGlqayIsInNlc3Npb25fc3RhdGUiOiJiNTNmMzIxNC1jNWJmLTRhOGItYjEyYy1jMjliNTFmN2Q2ODUiLCJhY3IiOiIwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iLCJkZWZhdWx0LXJvbGVzLXNhbXBsZXJlYWxtIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsInNpZCI6ImI1M2YzMjE0LWM1YmYtNGE4Yi1iMTJjLWMyOWI1MWY3ZDY4NSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2wtdGFybyJ9.XCWLiwz9flPUAKJE6qXrGxiNNitsXhbLD-NiGj-AJK2eOkRX1M2lEsha1u4YdxCxxYjWRF0u6vVx1pwejjiUrI2OiVpDGKJlNj22zgLz8H-hCysnsc1Uv4xMipu3dbz8BOhAphHoBKQgpOPHQ-HYw3vi2ypcn2ypgphVKPUcdxc8T0XlqhhuZNAX9xxs9MRvt05AeZEX0RV6V9UajwRDL66O2pmXdS6GNTlBlabRnmjEbw5-Mxeyifo7NNYWiIs810ZLXTp25-n8VRoWK3DZHsLo-XkEdHYNuVstepgbcN-KrSfL-ai6FZpX0bBGa1Y3y1izuwLDd2Ohl18UVtCcxg\",\"expires_in\":300,\"refresh_expires_in\":1800,\"refresh_token\":\"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxZDViZDI5OC1hZWQ4LTRmZmItOTc2NC00ZTNkNTdhMTJjNTMifQ.eyJleHAiOjE2MzY4OTU5OTksImlhdCI6MTYzNjg5NDE5OSwianRpIjoiYmM1ZmZiZmUtMzExMy00MjIzLTgxZjAtZDgxYzBkZGE2ZDE1IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDg4L2F1dGgvcmVhbG1zL3NhbXBsZS1yZWFsbSIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9hdXRoL3JlYWxtcy9zYW1wbGUtcmVhbG0iLCJzdWIiOiIwYjQ1ZTVkNC05NjExLTRjODUtODYzZi0wMmI1NjVkZmNiMDIiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoidGVzdC1jbGllbnQiLCJub25jZSI6ImFiY2RlZmdoaWprIiwic2Vzc2lvbl9zdGF0ZSI6ImI1M2YzMjE0LWM1YmYtNGE4Yi1iMTJjLWMyOWI1MWY3ZDY4NSIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwiLCJzaWQiOiJiNTNmMzIxNC1jNWJmLTRhOGItYjEyYy1jMjliNTFmN2Q2ODUifQ.X2Nzir5MjspbJLAmsIB2TesDJLAfzsWxmyps1fgHc-Q\",\"token_type\":\"Bearer\",\"id_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJHSHJ1c1NhU25SMmFrY2x2bG1lTTdXTzdXTUUwZlBveVYtSlpwb1NYT2hZIn0.eyJleHAiOjE2MzY4OTQ0OTksImlhdCI6MTYzNjg5NDE5OSwiYXV0aF90aW1lIjoxNjM2ODkyODI3LCJqdGkiOiI4ZDgwZmEwZC1jMmE0LTQ1ZWUtODdkMS1iYWVmMmI2OGNjNDYiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODgvYXV0aC9yZWFsbXMvc2FtcGxlLXJlYWxtIiwiYXVkIjoidGVzdC1jbGllbnQiLCJzdWIiOiIwYjQ1ZTVkNC05NjExLTRjODUtODYzZi0wMmI1NjVkZmNiMDIiLCJ0eXAiOiJJRCIsImF6cCI6InRlc3QtY2xpZW50Iiwibm9uY2UiOiJhYmNkZWZnaGlqayIsInNlc3Npb25fc3RhdGUiOiJiNTNmMzIxNC1jNWJmLTRhOGItYjEyYy1jMjliNTFmN2Q2ODUiLCJhdF9oYXNoIjoiVGthTjBXbkpydUc2MlAtdnZkLVgxdyIsImFjciI6IjAiLCJzaWQiOiJiNTNmMzIxNC1jNWJmLTRhOGItYjEyYy1jMjliNTFmN2Q2ODUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImNsLXRhcm8ifQ.Fbz_fhGRutbJRqKSOHq1GptKdTPOMW5DmG-vVxvlrByrOcxMABN6CAd9s9fuC_IuKkqZyFY0IbUZdBapTq7XANvmtI9BbolfGi43Ws4OwHZrGAm0meMfQScBricBRxMSZmVGwCQBWjLrIcCCUSRTVn22OCjrlqj6gXRwe6lhXwbeRoWdfbr27Qc-0RQJI62QdhS6ZGYcD20_S7c7PimHATyr80cQVIkG2hn-Ej9jmYn-xTHBjdnPWDDioC1Eqedi6UBuwpfKOEQ60CzEn5bbzuovekR-RS2_WeS5lqxkTFDQcglZrrcjLdE_PLeNKyminaqKTbWpw6h0dxoX2O4iLA\",\"not-before-policy\":0,\"session_state\":\"b53f3214-c5bf-4a8b-b12c-c29b51f7d685\",\"scope\":\"openid profile email\"}<\/pre>\n<h4>6.5. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3067 FAPI1 Advanced \u306e\u9069\u7528<a id=\"section6.5\"><\/a><\/h4>\n<p class=\"code-line\" data-line=\"424\">\u6b21\u306b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3092\u5909\u66f4\u3057\u3066\u307f\u307e\u3059\u3002 \u3055\u304d\u307b\u3069\u307e\u3067\u306f FAPI1 Baseline \u3060\u3063\u305f\u306e\u3067\u6b21\u306f FAPI1 Advanced \u3092\u8a2d\u5b9a\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p class=\"code-line\" data-line=\"426\"><em>6.2. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3067 FAPI1 Baseline \u306e\u9069\u7528<\/em> \u3067\u4f5c\u6210\u3057\u305f\u3001<strong>test-policy<\/strong>\u00a0\u306e<a href=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\/client-policies\/policies-update\/test-policy\">\u8a2d\u5b9a\u753b\u9762<\/a>\u306b\u79fb\u52d5\u3057\u307e\u3059\u3002\u4f8b\u793a\u3057\u305f Docker Compose \u306e\u8a2d\u5b9a\u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u4e0b\u8a18\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line\" data-line=\"429\"><a title=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\/client-policies\/policies-update\/test-policy\" href=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\/client-policies\/policies-update\/test-policy\" data-href=\"http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\/client-policies\/policies-update\/test-policy\">http:\/\/localhost:8088\/auth\/admin\/master\/console\/#\/realms\/sample-realm\/client-policies\/policies-update\/test-policy<\/a><\/li>\n<\/ul>\n<div>\u00a0FAPI1 Baseline \u3092\u8ffd\u52a0\u3057\u305f\u6642\u3068\u540c\u3058\u3088\u3046\u306b\u00a0 <em>Add client profile...<\/em> \u3068\u3044\u3046\u8868\u793a\u3092\u62bc\u3059\u3068\u3001\u9069\u7528\u3059\u308b Profile \u306e\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u308b\u306e\u3067\u3001\u4eca\u56de\u306f <strong>fapi-1-advanced<\/strong> \u3092\u9078\u629e\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n<div><\/div>\n<div>\u8ffd\u52a0\u5f8c\u306e\u753b\u9762\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u753b\u9762\u306b\u306a\u308a\u307e\u3059\u3002<\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46644 size-large\" src=\"\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-addedprofile-fapi1-advanced-view-1024x725.png\" alt=\"\" width=\"1024\" height=\"725\" srcset=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-addedprofile-fapi1-advanced-view-1024x725.png 1024w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-addedprofile-fapi1-advanced-view-360x255.png 360w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-addedprofile-fapi1-advanced-view-768x544.png 768w, https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/11\/keycloak-client-policies-addedprofile-fapi1-advanced-view.png 1073w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div>\n<h3 id=\"66-%2264%22-%E3%81%A8%E5%90%8C%E3%81%98%E6%9D%A1%E4%BB%B6%E3%81%A7%E3%82%A2%E3%82%AF%E3%82%BB%E3%82%B9%E3%83%88%E3%83%BC%E3%82%AF%E3%83%B3%E3%81%AE%E5%8F%96%E5%BE%97%E3%81%97%E3%81%A6%E3%81%BF%E3%82%8B\" class=\"code-line\" data-line=\"433\">6.6 \"6.4\" \u3068\u540c\u3058\u6761\u4ef6\u3067\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3\u3092\u53d6\u5f97\u3057\u3066\u307f\u308b<a id=\"section6.6\"><\/a><\/h3>\n<p class=\"code-line\" data-line=\"434\">\u6b21\u306b FAPI1 Baseline \u306b\u6e96\u62e0\u3057\u305f\u65b9\u6cd5\u3067\u3001FAPI1 Advanced \u304c\u9069\u7528\u3055\u308c\u3066\u3044\u308b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u540c\u3058\u624b\u9806\u3067\u8a66\u3057\u3066\u307f\u307e\u3059\u3002\u3067\u306f PKCE \u306b\u5bfe\u5fdc\u3057\u305f\u8a8d\u53ef\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u3063\u3066\u307f\u307e\u3057\u3087\u3046\u3002\u4f8b\u793a\u3057\u305f Docker Compose \u306e\u8a2d\u5b9a\u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line\" data-line=\"436\"><a title=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256\" href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256\" data-href=\"http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid%20email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256\">http:\/\/localhost:8088\/auth\/realms\/sample-realm\/protocol\/openid-connect\/auth?response_type=code&amp;scope=openid email&amp;client_id=test-client&amp;nonce=abcdefghijk&amp;state=abcdefghijk&amp;redirect_uri=https%3A%2F%2Fclient.example.com%2Ftest&amp;code_challenge=x5TzY7F73pwupN2MmxV_p65paRc7vJrN7b1cRL2CIGE&amp;code_challenge_method=S256<\/a><\/li>\n<\/ul>\n<p class=\"code-line\" data-line=\"438\">\u4eca\u56de\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u30a8\u30e9\u30fc\u3092\u793a\u3059\u60c5\u5831\u3092\u542b\u3093\u3067 Redirect URI \u3078\u767b\u9332\u3057\u305f\u30da\u30fc\u30b8\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u3066\u304d\u3066\u3044\u308b\u306f\u305a\u3067\u3059\u3002<\/p>\n<ul>\n<li class=\"code-line\" data-line=\"440\">https:\/\/client.example.com\/test?error=invalid_client&amp;error_description=invalid+client+access+type&amp;state=abcdefghijk<\/li>\n<\/ul>\n<p class=\"code-line\" data-line=\"442\">\u3053\u306eURL\u306e\u30af\u30a8\u30ea\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3092\u30c7\u30b3\u30fc\u30c9\u3057\u3066\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u898b\u3066\u307f\u308b\u3068\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u7121\u52b9\u3067\u3042\u3063\u305f\u3053\u3068\u3068\u30a8\u30e9\u30fc\u306e\u8aac\u660e\u3068\u3057\u3066\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30a2\u30af\u30bb\u30b9\u30bf\u30a4\u30d7\u304c\u7121\u52b9\u3068\u3044\u3046\u60c5\u5831\u304c\u308f\u304b\u308a\u307e\u3059\u3002<\/p>\n<table>\n<thead>\n<tr>\n<th>\u30d1\u30e9\u30e1\u30fc\u30bf\u540d<\/th>\n<th>\u5024<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>error<\/td>\n<td>invalid_client<\/td>\n<\/tr>\n<tr>\n<td>error_description<\/td>\n<td>invalid client access type<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"code-line \" data-line=\"449\">\u3067\u306f FAPI1 Advanced \u306b\u95a2\u9023\u3059\u308b\u8a18\u8ff0\u304c\u306a\u3044\u304b\u3092\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<p class=\"code-line \" data-line=\"451\">\u5b9f\u306f FAPI1 Advanced \u306e<a title=\"https:\/\/openid.net\/specs\/openid-financial-api-part-2-1_0.html#introduction-1\" href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-2-1_0.html#introduction-1\" data-href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-2-1_0.html#introduction-1\">5.1. Introduction<\/a>\u306b\u3053\u306e\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u306f\u30d1\u30d6\u30ea\u30c3\u30af\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u3066\u3044\u306a\u3044\u3053\u3068\u304c\u66f8\u304b\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<blockquote>\n<div>\n<div>This profile does not support public clients.<\/div>\n<\/div>\n<\/blockquote>\n<p class=\"code-line \" data-line=\"451\">\u305d\u306e\u4ed6\u306b\u8a8d\u53ef\u30b5\u30fc\u30d0\u30fc\u306b\u5bfe\u3059\u308b\u8981\u6c42\u4e8b\u9805\u306e\u00a0<a title=\"https:\/\/openid.net\/specs\/openid-financial-api-part-2-1_0.html#authorization-server\" href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-2-1_0.html#authorization-server\" data-href=\"https:\/\/openid.net\/specs\/openid-financial-api-part-2-1_0.html#authorization-server\">5.2.2. Authorization server<\/a>\u3092\u898b\u308b\u3068\u3001FAPI1 Advanced \u306b\u5bfe\u5fdc\u3057\u3066\u3044\u308b\u8a8d\u53ef\u30b5\u30fc\u30d0\u30fc\u306f\u30d1\u30d6\u30ea\u30c3\u30af\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u3066\u306f\u3044\u3051\u306a\u3044\u3068\u3044\u3046\u8a18\u8ff0\u3082\u3042\u308a\u307e\u3059\u3002<\/p>\n<blockquote>\n<div>\n<div>shall not support public clients;<\/div>\n<\/div>\n<\/blockquote>\n<p class=\"code-line \" data-line=\"451\">\u3053\u3053\u307e\u3067\u3067\u3001FAPI1 Advanced \u306b\u6e96\u62e0\u3059\u308b\u5834\u5408\u3001 public \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f\u4f7f\u3048\u306a\u3044\u3068\u3044\u3046\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3057\u305f\u3002\u3053\u3053\u304b\u3089 Confidential \u306a\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3082\u8a66\u3057\u3066\u307f\u305f\u3044\u6240\u306a\u306e\u3067\u3059\u304c\u3001\u3053\u306e\u8a18\u4e8b\u306f\u4e00\u65e6\u3053\u3053\u307e\u3067\u3068\u3055\u305b\u3066\u3044\u305f\u3060\u304d\u307e\u3059\u3002<\/p>\n<h2 id=\"7-%E5%BE%8C%E6%9B%B8%E3%81%8D\" class=\"code-line\" data-line=\"463\">7. \u5f8c\u66f8\u304d<a id=\"section7\"><\/a><\/h2>\n<p class=\"code-line\" data-line=\"464\">\u3053\u306e\u8a18\u4e8b\u3067\u306f Keycloak \u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u3001FAPI \u3092\u7c21\u5358\u306b\u3075\u308c\u3066\u3044\u304f\u904e\u7a0b\u3067 PKCE \u3082\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\u3002\u3053\u306e\u8a18\u4e8b\u3092\u8aad\u3080\u3053\u3068\u3067\u3001Keycloak \u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3084\u305d\u308c\u306b\u3088\u3063\u3066 FAPI \u306b\u6e96\u62e0\u3057\u3066\u3044\u304f\u904e\u7a0b\u306e\u30a4\u30e1\u30fc\u30b8\u3084\u3001PKCE \u3067\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u3084\u308a\u3068\u308a\u3092\u63b4\u3080\u3053\u3068\u306b\u5bfe\u3057\u3066\u5c11\u3057\u3067\u3082\u53c2\u8003\u306b\u306a\u308c\u3070\u5e78\u3044\u3067\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 &#8211; 2.1 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240 &#8211; 2.2 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u306f\u4f55\u304b FAPI \u3068\u306f\u4f55\u304b \u00a0\u691c\u8a3c\u74b0\u5883\u306b\u3064\u3044\u3066 &#8211; 5.1 \u30ec\u30eb\u30e0\u306e\u4f5c\u6210 &#8211; 5.2 \u30e6\u30fc\u30b6\u30fc\u306e [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":43704,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[520],"tags":[],"class_list":["post-46316","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-keycloak"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3<\/title>\n<meta name=\"description\" content=\"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 - 2.1 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240 - 2.2 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u306f\u4f55\u304b FAPI \u3068\u306f\u4f55\u304b\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\" \/>\n<meta property=\"og:description\" content=\"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 - 2.1 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240 - 2.2 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u306f\u4f55\u304b FAPI \u3068\u306f\u4f55\u304b\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316\" \/>\n<meta property=\"og:site_name\" content=\"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/creationline\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-23T01:10:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"798\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@creationline\" \/>\n<meta name=\"twitter:site\" content=\"@creationline\" \/>\n<meta name=\"twitter:label1\" content=\"\u57f7\u7b46\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"9\u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/7d923d1c017568a1a5e66d7bb1c8764a\"},\"headline\":\"Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE\",\"datePublished\":\"2022-03-23T01:10:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316\"},\"wordCount\":1206,\"image\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png\",\"articleSection\":[\"keycloak\"],\"inLanguage\":\"ja\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316\",\"url\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316\",\"name\":\"Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\",\"isPartOf\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png\",\"datePublished\":\"2022-03-23T01:10:58+00:00\",\"author\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/7d923d1c017568a1a5e66d7bb1c8764a\"},\"description\":\"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 - 2.1 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240 - 2.2 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u306f\u4f55\u304b FAPI \u3068\u306f\u4f55\u304b\",\"breadcrumb\":{\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#primaryimage\",\"url\":\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png\",\"contentUrl\":\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png\",\"width\":1280,\"height\":798},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"HOME\",\"item\":\"https:\/\/www.creationline.com\/tech-blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\",\"item\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"keycloak\",\"item\":\"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/#website\",\"url\":\"https:\/\/www.creationline.com\/tech-blog\/\",\"name\":\"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3\",\"description\":\"\u30a2\u30b8\u30e3\u30a4\u30eb\uff06DevOps\u3001\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\u3001AI\uff06LLM\u306e\u5148\u7aef\u6280\u8853\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.creationline.com\/tech-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/7d923d1c017568a1a5e66d7bb1c8764a\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/12\/avatar.png\",\"url\":\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/12\/avatar.png\",\"contentUrl\":\"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/12\/avatar.png\",\"caption\":\"admin\"},\"url\":\"https:\/\/www.creationline.com\/tech-blog\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","description":"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 - 2.1 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240 - 2.2 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u306f\u4f55\u304b FAPI \u3068\u306f\u4f55\u304b","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316","og_locale":"ja_JP","og_type":"article","og_title":"Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","og_description":"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 - 2.1 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240 - 2.2 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u306f\u4f55\u304b FAPI \u3068\u306f\u4f55\u304b","og_url":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316","og_site_name":"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","article_publisher":"https:\/\/www.facebook.com\/creationline","article_published_time":"2022-03-23T01:10:58+00:00","og_image":[{"width":1280,"height":798,"url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_creator":"@creationline","twitter_site":"@creationline","twitter_misc":{"\u57f7\u7b46\u8005":"admin","\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593":"9\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#article","isPartOf":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316"},"author":{"name":"admin","@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/7d923d1c017568a1a5e66d7bb1c8764a"},"headline":"Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE","datePublished":"2022-03-23T01:10:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316"},"wordCount":1206,"image":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#primaryimage"},"thumbnailUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png","articleSection":["keycloak"],"inLanguage":"ja"},{"@type":"WebPage","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316","url":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316","name":"Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE - Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","isPartOf":{"@id":"https:\/\/www.creationline.com\/tech-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#primaryimage"},"image":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#primaryimage"},"thumbnailUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png","datePublished":"2022-03-23T01:10:58+00:00","author":{"@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/7d923d1c017568a1a5e66d7bb1c8764a"},"description":"keycloak |1. \u76ee\u6b21 \u76ee\u6b21 \u6982\u8981 - 2.1 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3059\u308b\u7b87\u6240 - 2.2 \u4eca\u56de\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u306a\u3044\u7b87\u6240 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc\u3068\u306f\u4f55\u304b FAPI \u3068\u306f\u4f55\u304b","breadcrumb":{"@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#primaryimage","url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png","contentUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/08\/creationline-logo.png","width":1280,"height":798},{"@type":"BreadcrumbList","@id":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak\/46316#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"HOME","item":"https:\/\/www.creationline.com\/tech-blog"},{"@type":"ListItem","position":2,"name":"\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6","item":"https:\/\/www.creationline.com\/tech-blog\/cloudnative"},{"@type":"ListItem","position":3,"name":"keycloak","item":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/keycloak"},{"@type":"ListItem","position":4,"name":"Keycloak \u3067 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30dd\u30ea\u30b7\u30fc + FAPI \u3092\u8a66\u3059 with PKCE"}]},{"@type":"WebSite","@id":"https:\/\/www.creationline.com\/tech-blog\/#website","url":"https:\/\/www.creationline.com\/tech-blog\/","name":"Tech Blog\uff5c\u30af\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u30e9\u30a4\u30f3","description":"\u30a2\u30b8\u30e3\u30a4\u30eb\uff06DevOps\u3001\u30af\u30e9\u30a6\u30c9\u30cd\u30a4\u30c6\u30a3\u30d6\u3001AI\uff06LLM\u306e\u5148\u7aef\u6280\u8853","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.creationline.com\/tech-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/www.creationline.com\/tech-blog\/#\/schema\/person\/7d923d1c017568a1a5e66d7bb1c8764a","name":"admin","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/12\/avatar.png","url":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/12\/avatar.png","contentUrl":"https:\/\/www.creationline.com\/tech-blog\/cms_x3GWkuX\/wp-content\/uploads\/2021\/12\/avatar.png","caption":"admin"},"url":"https:\/\/www.creationline.com\/tech-blog\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/46316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/comments?post=46316"}],"version-history":[{"count":98,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/46316\/revisions"}],"predecessor-version":[{"id":49942,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/posts\/46316\/revisions\/49942"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/media\/43704"}],"wp:attachment":[{"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/media?parent=46316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/categories?post=46316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.creationline.com\/tech-blog\/wp-json\/wp\/v2\/tags?post=46316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}