[keycloak-dev] make sending a request object mandatory for certain clients

Marek Posolda mposolda at redhat.com
Thu Mar 8 11:23:45 EST 2018


On 08/03/18 15:25, Marek Posolda wrote:
> Hi,
>
> sorry to not respond earlier. Your use case makes sense to me and the
> code you did as well. One minor thing which is missing is the admin
> console update. I think you need to add a new switch to the client
> details page. Please add it to the same section like "Advanced config"
> where other things like the request object signature algorithm etc. are.
Forgot to mention that it would be nice if you send a PR once you do it :)

Thanks,
Marek
>
> Thanks,
> Marek
>
> On 06/03/18 20:13, Aron Bustya wrote:
>> Hello!
>>
>> Can I get some reaction to this? (The community guidelines say I need to
>> ask around before sending pull requests.)
>>
>> Regards,
>> Áron Bustya
>>
>> On 2 December 2017 at 04:44, Aron Bustya <aron.bustya.js at gmail.com> wrote:
>>
>>> Hi!
>>>
>>> I have a use case where the server must accept authorization requests only
>>> when they contain a signed request object (should be configurable per
>>> client).
>>>
>>> I have found a way to make the signing of the request object mandatory by
>>> specifying a 'request.object.signature.alg' attribute on the client, but
>>> this only applies if a request object exists in the first place.
>>>
>>> I would like to propose a pull request: It defines a new client attribute
>>> 'request.object.required'. If this is set to 'true', the client must send a
>>> request object when initiating an authorization request.
>>>
>>> Current code can be checked here:
>>> https://github.com/abustya/keycloak/commit/476912906a3ad0d290220a1f54abee073dba687a
>>>
>>> What do you think?
>>>
>>> Regards,
>>> Áron Bustya
>>>
>
>
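
The gap described in the thread, as an added example that is not part of the original messages and is not Keycloak code: with only 'request.object.signature.alg' set, a request that carries no request object is still accepted, and 'request.object.required' closes that path. The function names, the sample client and the constructed request objects are assumptions; only the `request` parameter is modeled and no signature is verified.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sample_request_object(alg: str) -> str:
    """Constructed compact JWS; the signature part is a placeholder."""
    header = b64url(json.dumps({"alg": alg}).encode())
    claims = b64url(json.dumps({"client_id": "demo-client",
                                "response_type": "code"}).encode())
    return f"{header}.{claims}.c2ln"

def jws_alg(request_object: str):
    """Read the 'alg' header of a compact JWS without verifying it.

    Returns None when the header cannot be parsed.
    """
    head = request_object.split(".")[0]
    try:
        header = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))
    except ValueError:
        return None
    return header.get("alg") if isinstance(header, dict) else None

def check_policy(client_attrs: dict, params: dict) -> str:
    """Return 'ok' or a rejection reason for one authorization request."""
    request_object = params.get("request")
    if request_object is None:
        # Proposed attribute: rejects requests sent as plain parameters.
        if client_attrs.get("request.object.required") == "true":
            return "rejected: request object required"
        return "ok"
    # Existing attribute: only reached when a request object is present.
    wanted = client_attrs.get("request.object.signature.alg")
    if wanted and jws_alg(request_object) != wanted:
        return "rejected: unexpected signature algorithm"
    return "ok"

if __name__ == "__main__":
    plain = {"client_id": "demo-client", "response_type": "code"}
    alg_only = {"request.object.signature.alg": "RS256"}
    both = dict(alg_only, **{"request.object.required": "true"})
    print("alg only, no request object:", check_policy(alg_only, plain))
    print("required, no request object:", check_policy(both, plain))
    print("required, alg=none object:  ",
          check_policy(both, {"request": sample_request_object("none")}))
    print("required, alg=RS256 object: ",
          check_policy(both, {"request": sample_request_object("RS256")}))
```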


