# Pastebin nBsG7mAb
Yes ive got the direct access grants enabled. One other question, even with my modified request that has the client_id - and such I can get a token back, the next thing I get in the flow is: REQ: curl -g -i --insecure -X POST https://openstack-ip:5000/v3/OS-FEDERATION/identity_providers/keycloak-idp/protocols/openid/auth -H "Authorization: {SHA256}adee66cec25781bb8f385954fd69bee335a8f78bc893a040b95196a01e184ca3" -H "User-Agent: openstacksdk/0.26.0 keystoneauth1/3.13.1 python-requests/2.18.4 CPython/3.6.8"
Starting new HTTPS connection (1): 3.13.183.248
https://openstack-ip:5000 "POST /v3/OS-FEDERATION/identity_providers/keycloak-idp/protocols/openid/auth HTTP/1.1" 200 541
RESP: [200] Connection: close Content-Length: 541 Content-Type: text/html Date: Tue, 12 Nov 2019 16:21:02 GMT Server: Apache
RESP BODY: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <title>Error</title>

  </head>
  <body>
<p>Error: <pre>Invalid Request</pre></p><p>Description: <pre>You&apos;ve hit an OpenID Connect Redirect URI with no parameters, this is an invalid request; you should not open this URL in your browser directly, or have the server administrator use a different OIDCRedirectURI setting.</pre></p>
  </body>
</html>