[Aerogear-users] Keycloak - validate token on server

Summers Pittman supittma at redhat.com
Mon Jun 5 14:42:36 EDT 2017


On Mon, Jun 5, 2017 at 9:11 AM, Doug Drouillard <
douglas.drouillard at gmail.com> wrote:

> I ended up forking aerogear and merging in an unmerged PR that exposed
> Safari View Controller (I am targeting iOS 9+) and then also modified to
> allow for passing of kc_idp_hint.
>
> https://github.com/drouillard/aerogear-ios-oauth2
>
> It is nice and clean and avoids the user experience issues that motivated
> my original question. E.g. embedded views don't work with Google sign-in and
> the external Safari makes the user answer an additional prompt (Open in 'app
> name') plus risks leaving them in no-persons land if they cancel.
>
> For my active account question I likely can just use the Admin API to
> check outright whether the user is enabled.
>
> Still researching the best Java client to use in my case as it seems like I am
> in a bearer-only situation. The aerogear code is easier to follow as there
> is not intermixing of session/server logic like the servlet examples I have
> seen.
> Verifying the JWT on the local server is easy and likely good enough but I
> believe there should be a way to verify it with the Keycloak server if
> desired using certificates/possibly open-id end points. I am working in a
> high fraud situation so need all options available.
>
> Will update this thread as they appear in Google search results.
>

+1 Thanks for the feedback, and I will keep an eye out for your updates.


>
> On Wed, May 31, 2017 at 2:36 PM, Doug Drouillard <
> douglas.drouillard at gmail.com> wrote:
>
>> Hello,
>>
>> I am using Aerogear-iOS and I am able to successfully get a JWT from
>> Keycloak.  Say I pass that JWT to a Java web service (that is not WildFly),
>> is there a way to easily verify the token? The Keycloak adapters for
>> undertow and jetty seem beyond my reach. I am using Ninja Framework and the
>> undertow integration does not seem feasible in my time frame.
>> I was hoping to easily validate token on server, but I can't seem to have
>> come across anything. My concern is that I want to disable a user and
>> immediately have them disabled, not wait on expiration in token.
>>
>> I have posted this question on Stack Overflow and on the Keycloak
>> mailing list with no answers so I was hoping to have some luck here.
>>
>> Thanks.
>>
>
>
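Added example, not part of the original thread and not AeroGear or Keycloak code: a JDK-only sketch of the local JWT check discussed above, showing what it can and cannot detect. The class and helper names, the issuer URL and the generated key pair (a stand-in for the realm's RSA key) are assumptions made for illustration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class LocalJwtCheck {
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();

    // True only if the token is RS256-signed by realmKey, unexpired and issued by iss.
    static boolean verify(String jwt, PublicKey realmKey, String iss, long nowSec) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        try {
            // Pin the algorithm; never let the token select "none" or an HMAC variant.
            if (!"RS256".equals(field(new String(DEC.decode(p[0]), UTF_8), "alg"))) return false;
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(realmKey);
            sig.update((p[0] + "." + p[1]).getBytes(UTF_8));
            if (!sig.verify(DEC.decode(p[2]))) return false;
            String claims = new String(DEC.decode(p[1]), UTF_8); // read claims only after the signature holds
            return Long.parseLong(field(claims, "exp")) > nowSec && iss.equals(field(claims, "iss"));
        } catch (IllegalArgumentException | SignatureException malformed) { return false; }
    }

    // Minimal extractor for flat string/number claims (assumption); use a JSON parser in real code.
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"?([^\",}]+)").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    static String sign(String claimsJson, PrivateKey key) throws GeneralSecurityException {
        String body = ENC.encodeToString("{\"alg\":\"RS256\"}".getBytes(UTF_8)) + "."
                + ENC.encodeToString(claimsJson.getBytes(UTF_8));
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(body.getBytes(UTF_8));
        return body + "." + ENC.encodeToString(sig.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed stand-in for the realm key pair
        String iss = "https://sso.example.test/auth/realms/demo"; // constructed issuer
        long now = System.currentTimeMillis() / 1000;
        String claims = "{\"iss\":\"" + iss + "\",\"sub\":\"alice\",\"exp\":" + (now + 300) + "}";
        System.out.println("fresh token:  " + verify(sign(claims, kp.getPrivate()), kp.getPublic(), iss, now));
        System.out.println("wrong signer: " + verify(sign(claims, gen.generateKeyPair().getPrivate()), kp.getPublic(), iss, now));
        System.out.println("after expiry: " + verify(sign(claims, kp.getPrivate()), kp.getPublic(), iss, now + 301));
        // Disabling the account changes none of these results: until exp passes, the token
        // still verifies locally, so immediate revocation needs a check against the server.
    }
}
```

Short token lifetimes narrow that window; closing it requires asking the issuing server about the token or the user on each request, for example through OAuth 2.0 token introspection (RFC 7662).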