[keycloak-dev] Keycloak as OAuth 2 compliant authorization server?
Matt Wringe
mwringe at redhat.com
Tue Aug 27 15:22:32 EDT 2013
On 27/08/13 02:20 PM, Bill Burke wrote:
> Well, you need to remember that OAuth 2 is a framework and not a
> complete protocol. The actual authentication part with the auth server
> is the most "flexible" part of the API. I'd like to follow it as
> closely as possible though.
Yep, agreed. OAuth does not provide a complete protocol and leaves a lot
of stuff to the implementors to decide. It also makes a lot of stuff
optional and allows for custom extensions. It does however clearly
defined some areas and provides a defined protocol for them.
Unfortunately we are not exactly in line with the specification in all
areas and would need to make some changes to become compliant.
I am assuming that trying to 'follow it as closely as possible' means we
do want to be compliant and that issues should be filled where it does
not follow the defined sections?
>
> On 8/23/2013 4:39 PM, Matt Wringe wrote:
>> Could someone please clarify if one of the goals of keycloak is to
>> provide an oauth 2.0 compliant authorization server?
>>
>> I am trying to figure out if I should be filing bugs and submitting
>> patches, or if keycloak is only meant to have a oauth like semblance.
>>
>> Thanks,
>>
>> Matt Wringe
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
More information about the keycloak-dev
mailing list