{"body":"Yes, I've got the direct access grants enabled. One other question, even with my modified request that has the client_id - and such I can get a token back, the next thing I get in the flow is: REQ: curl -g -i --insecure -X POST https://openstack-ip:5000/v3/OS-FEDERATION/identity_providers/keycloak-idp/protocols/openid/auth -H \"Authorization: {SHA256}adee66cec25781bb8f385954fd69bee335a8f78bc893a040b95196a01e184ca3\" -H \"User-Agent: openstacksdk/0.26.0 keystoneauth1/3.13.1 python-requests/2.18.4 CPython/3.6.8\"\nStarting new HTTPS connection (1): 3.13.183.248\nhttps://openstack-ip:5000 \"POST /v3/OS-FEDERATION/identity_providers/keycloak-idp/protocols/openid/auth HTTP/1.1\" 200 541\nRESP: [200] Connection: close Content-Length: 541 Content-Type: text/html Date: Tue, 12 Nov 2019 16:21:02 GMT Server: Apache\nRESP BODY: <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">\n<html>\n  <head>\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n    <title>Error</title>\n\n  </head>\n  <body>\n<p>Error: <pre>Invalid Request</pre></p><p>Description: <pre>You&apos;ve hit an OpenID Connect Redirect URI with no parameters, this is an invalid request; you should not open this URL in your browser directly, or have the server administrator use a different OIDCRedirectURI setting.</pre></p>\n  </body>\n</html>","name":"Redirect URI","extension":"txt","url":"https://www.irccloud.com/pastebin/nBsG7mAb/Redirect+URI","modified":1573585336,"id":"nBsG7mAb","size":1353,"lines":15,"own_paste":false,"theme":"","date":1573585336}