[keycloak-dev] apps access to and refresh of facebook tokens
Pedro Igor Silva
psilva at redhat.com
Thu Feb 26 11:09:18 EST 2015
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Thursday, February 26, 2015 12:42:19 PM
> Subject: [keycloak-dev] apps access to and refresh of facebook tokens
>
> At least for openid connect, I think we hashed this through on our dev
> call today.
>
> * There will be a Protocol Claim Mapper that can add a facebook token
> and expiration claim to the application's access token.
I would create a specific claim set for that instead of individual claims. Something like:
"k_act" : {
    "identity-provider": {
        "id" : "facebook",
        "access_token": "12312312",
        "expires": "12312321"
    }
}
(k_act : keycloak authentication context)
That way we can use this k_act to exchange information regarding the authentication context when issuing access tokens or even id tokens.
> * the refreshToken endpoint will accept a "scope" parameter. The
> application can then request the refresh of any external token by
> specifying this token in the "scope" parameter.
I was thinking about adding a refreshToken endpoint to the identity broker. Isn't that better?
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
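An added example, not part of the original message and not Keycloak code: one way an application could consume the k_act claim set proposed above, deciding when the external token needs a refresh and keeping the embedded token out of logs. It assumes `claims` is the payload of an access token whose signature has already been verified and that `expires` is epoch seconds; the function names and the 30-second skew are hypothetical.

```python
import copy
import time

def idp_token_state(claims, now=None, skew=30):
    """Return the external token's state from the k_act claim set, or None
    when the claims carry no well-formed identity-provider entry."""
    ctx = claims.get("k_act")
    idp = ctx.get("identity-provider") if isinstance(ctx, dict) else None
    if not isinstance(idp, dict):
        return None
    try:
        provider = idp["id"]
        token = idp["access_token"]
        expires = int(idp["expires"])  # assumption: epoch seconds, sent as a string
    except (KeyError, TypeError, ValueError):
        return None
    if not isinstance(token, str) or not token:
        return None
    now = int(time.time()) if now is None else now
    remaining = expires - now
    return {
        "provider": provider,
        "access_token": token,
        "remaining": remaining,
        # refresh slightly early so the token does not expire mid-request
        "needs_refresh": remaining <= skew,
    }

def log_safe(claims):
    """Copy the claims with the embedded external token masked. It is a bearer
    credential, so it should not reach application logs."""
    safe = copy.deepcopy(claims)
    ctx = safe.get("k_act")
    idp = ctx.get("identity-provider") if isinstance(ctx, dict) else None
    if isinstance(idp, dict) and "access_token" in idp:
        idp["access_token"] = "[redacted]"
    return safe

# Constructed sample, using the values from the message above.
SAMPLE = {"k_act": {"identity-provider": {
    "id": "facebook", "access_token": "12312312", "expires": "12312321"}}}
```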