[keycloak-dev] ID Token claims in Access Token and Refresh Token
Stian Thorgersen
stian at redhat.com
Wed Dec 3 06:32:21 EST 2014
----- Original Message -----
> From: "Pedro Igor Silva" <psilva at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>
> Sent: Wednesday, 3 December, 2014 12:28:11 PM
> Subject: Re: [keycloak-dev] ID Token claims in Access Token and Refresh Token
>
> I notice that too when trying to broker a KeyCloak server from another one.
>
> Also, I think KC is missing OpenID Connect Discovery [1].
>
> [1] http://openid.net/specs/openid-connect-discovery-1_0.html
Yep, we've only implemented the core spec and parts of the session spec.
>
> ----- Original Message -----
> From: "Stian Thorgersen" <stian at redhat.com>
> To: "keycloak dev" <keycloak-dev at lists.jboss.org>
> Sent: Wednesday, December 3, 2014 5:55:24 AM
> Subject: [keycloak-dev] ID Token claims in Access Token and Refresh Token
>
> As AccessToken and RefreshToken extends IDToken they contain the ID Token
> claims. If I've read the spec correctly those claims should only be in the
> ID Token. There should also be a separate UserInfo endpoint which we're
> missing.
>
> Is there a reason why AccessToken extends IDToken, or can we remove that?
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list