[keycloak-dev] Token validator endpoint (for humans)

Stian Thorgersen sthorger at redhat.com
Thu Apr 5 09:58:47 EDT 2018


Is there a way we could let it register on any path with RestEasy?

On 5 April 2018 at 15:56, Bill Burke <bburke at redhat.com> wrote:

> I'll just switch to using that probably.
>
> On Thu, Apr 5, 2018 at 9:48 AM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
> > We already have a realm resource provider which adds directly under realm
> > (/auth/realms/<realm name>/<resource provider id>). See
> > https://github.com/stianst/keycloak-experimental/blob/master/token-validation/src/main/java/org/keycloak/experimental/token/TokenValidatorFactory.java#L31.
> >
> > The URL for this thing is: /auth/realms/master/token-validator
> >
> > Perhaps we could extend the realm resource provider to allow not just adding
> > directly under realms, but under any arbitrary path? Not sure if RestEasy
> > allows that though.
> >
> > On 5 April 2018 at 15:41, Bill Burke <bburke at redhat.com> wrote:
> >>
> >> +1
> >>
> >> Question, how are you adding this endpoint?  Under ../protocol/oidc?
> >>
> >> The kubernetes integration needs a similar validation endpoint that
> >> outputs a document that kubernetes consumes.  What I did is create an
> >> entirely new protocol.  Maybe a protocol extension endpoint would be
> >> better?
> >>
> >> Object createExtensionEndpoint(String providerId)
> >>
> >> The returned Object would be a JAX-RS sub resource.
> >>
> >> Then the base endpoint would be .../protocol/oidc/extensions/{provider-id}
> >>
> >>
> >>
> >> On Thu, Apr 5, 2018 at 8:04 AM, Stian Thorgersen <sthorger at redhat.com>
> >> wrote:
> >> > I added an example token validator endpoint that I needed for some
> >> > demonstration purposes. Question: would this be useful to add directly to
> >> > Keycloak?
> >> >
> >> > It provides a simple form where you can paste in the base64 token. It will
> >> > then output the header, claims and whether or not the token is valid. It
> >> > uses realm keys to verify the signature so you don't have to paste that in
> >> > manually (like you do on jwt.io).
> >> >
> >> > For those too lazy to try it out I've attached a screenshot.
> >>
> >>
> >>
> >> --
> >> Bill Burke
> >> Red Hat
> >
> >
>
>
>
> --
> Bill Burke
> Red Hat
>
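
The check the proposed endpoint performs (decode header and claims, verify the signature against the realm's published keys), as an added Python example that is not the Java code from the linked repository or from Keycloak. It goes slightly beyond the description in the thread by pinning the algorithm to RS256 and checking `exp`; the names `validate`, `sign_demo` and `JWKS` are hypothetical, and the demo key is constructed from two Mersenne primes purely so the sample runs offline.

```python
import base64, hashlib, json, time

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017

def b64d(s):  # strict base64url decode with padding restored
    return base64.b64decode(s + "=" * (-len(s) % 4), altchars=b"-_", validate=True)
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encode_em(msg, k):  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), k bytes long
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate(token, jwks, now=None):  # report header, claims and validity of a pasted JWT
    out = {"header": None, "claims": None, "valid": False, "reason": "malformed token"}
    try:
        h64, c64, s64 = token.strip().split(".")
        header, claims, sig = json.loads(b64d(h64)), json.loads(b64d(c64)), b64d(s64)
    except ValueError:
        return out
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return out
    out.update(header=header, claims=claims)
    key = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid")), None)
    if header.get("alg") != "RS256":  # pinned: the token does not choose the algorithm
        out["reason"] = "unsupported alg"
    elif key is None:
        out["reason"] = "unknown kid"
    else:
        n, e = (int.from_bytes(b64d(key[f]), "big") for f in ("n", "e"))
        k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
        em = encode_em(f"{h64}.{c64}".encode(), k)
        ok = len(sig) == k and s < n and pow(s, e, n).to_bytes(k, "big") == em
        exp = claims.get("exp")  # a missing or non-numeric exp counts as expired
        live = isinstance(exp, (int, float)) and exp > (time.time() if now is None else now)
        out["reason"] = "bad signature" if not ok else "ok" if live else "expired"
        out["valid"] = ok and live
    return out

# Constructed demo key from two Mersenne primes: NOT secure, only signs the sample offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
int_b64 = lambda i: b64e(i.to_bytes((i.bit_length() + 7) // 8, "big"))
JWKS = {"keys": [{"kid": "demo", "kty": "RSA", "n": int_b64(N), "e": int_b64(E)}]}

def sign_demo(header, claims):  # builds a constructed token for the demo key
    signed = ".".join(b64e(json.dumps(p).encode()) for p in (header, claims))
    em = int.from_bytes(encode_em(signed.encode(), 141), "big")  # N is 141 bytes long
    return signed + "." + b64e(pow(em, D, N).to_bytes(141, "big"))
```

The header and claims are returned even when the signature fails, which matches a debugging form but means callers must gate on `valid`, never on the presence of claims.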

