<div dir="ltr">I ended up forking aerogear and merging in an unmerged PR that exposed Safari View Controller (I am targeting iOS 9+) and then also modified to allow for passing of kc_idp_hint. <div><br></div><div><a href="https://github.com/drouillard/aerogear-ios-oauth2">https://github.com/drouillard/aerogear-ios-oauth2</a><br></div><div><br></div><div>It is nice and clean and avoids the user experience issues that motivated my original question. E.g. embedded views dont work with Google sign-in and the external safari makes user answer an additional prompt (Open in 'app name') plus risks leaving them in no-persons land if they cancel.</div><div><br></div><div>For my active account question I likely can just use the Admin API can check outright for if user is enabled. </div><div><br></div><div>Still researching best Java client to use in my case as it seems like i am in a bearer-only situation. The aerogear code is easier to follow as there is not intermixing of session/server logic like the servlet examples I have seen.</div><div>Verifying the JWT on local server is easy and likely good enough but I believe there should be a way to verify it with the keycloak server if desired using certificates/possibly open-id end points. I am working in a high fraud situation so need all options available.</div><div><br></div><div>Will update this thread as they appear in Google search results.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 31, 2017 at 2:36 PM, Doug Drouillard <span dir="ltr"><<a href="mailto:douglas.drouillard@gmail.com" target="_blank">douglas.drouillard@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>I am using Aerogear-iOS and I am able to successfully get a JWT from keycloak. Say I pass that JWT to a Java web service (that is not wildfly), is there a way to easily verify the token? The keycloak adapters for undertow and jetty seem beyond my reach. I am using Ninja Framework and the undertow integration does not seem feasible in my time frame.</div><div>I was hoping to easily validate token on server, but I can't seem to have come across anything. My concern is that I want to disable a user and immediately have them disabled, not wait on expiration in token.</div><div><br></div><div>I have proposed this question on stack overflow and on the keycloak mailing list with no answers so I was hoping to have some luck here.</div><div><br></div><div>Thanks.</div></div>
</blockquote></div><br></div>