[keycloak-dev] JWK
Bill Burke
bburke at redhat.com
Thu Mar 12 11:08:09 EDT 2015
On 3/12/2015 10:56 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Thursday, 12 March, 2015 3:50:39 PM
>> Subject: Re: [keycloak-dev] JWK
>>
>> JWK shouldn't be transmitted with ID Token and/or access token by
>> default is what I mean. If I remember the specs correctly. Bloats the
>> tokens and requires more parsing time.
>
> That's how we sign the access token isn't it? Is there an option to include it in the token itself?
>
You don't need to store JWK information in the JWS header of the access
token because the adapter only works with one realm and one public realm
key. We're not doing certificate chains either.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list