<div dir="ltr">I'll be looking into this and will report back if a library exists for Python to read JWT tokens.<div><br></div><div>I was wondering is there an API on the KeyCloak server for doing JWT token verification? Or rather should we decode the token and use the REST admin endpoints if we need to query more information?</div><div><br></div><div><br></div><div>Vinay</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 13, 2015 at 9:05 AM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">If you're interested in becoming a contributor Vinay, this would be a<br>
very useful extension!<br>
<br>
BTW, we also have a "lightweight" Java Security HTTP Proxy based on<br>
Undertow that you can use to secure python apps.<br>
<div class="HOEnZb"><div class="h5"><br>
On 8/13/2015 2:00 AM, Stian Thorgersen wrote:<br>
> Afraid we don't have any libraries for Python yet.<br>
><br>
> Simply verifying the token should be relatively straight forward though. It's a standard JWT token (base64 encoded json) with a JWS signature. You can look at RSATokenVerifier to see what details should be verified (expiration date, issuer, etc..). You also need to verify the signature. There may quite likely be JWT libraries for Python you can use.<br>
><br>
> ----- Original Message -----<br>
>> From: "Vinay Anantharaman" <<a href="mailto:vinayan3@gmail.com">vinayan3@gmail.com</a>><br>
>> To: <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
>> Sent: Thursday, 13 August, 2015 12:21:01 AM<br>
>> Subject: [keycloak-dev] Implementing database-service example in Python<br>
>><br>
>> Hi,<br>
>> I'm trying to implement the example database service from Python. The<br>
>> description is here:<br>
>><br>
>><br>
>><br>
>> <a href="https://github.com/keycloak/keycloak/tree/master/examples/demo-template" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/demo-template</a><br>
>><br>
>> Our backend service is contacted directly by clients with an access token<br>
>> from the Keycloak server. We would like to verify access tokens are and then<br>
>> return some data they need. I was looking at the code here:<br>
>><br>
>><br>
>><br>
>> <a href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/database-" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/database-</a><br>
>> service/src/main/java/org/keycloak/example/oauth/CustomerService.java<br>
>><br>
>> In Java this seems quite trivial with the support of Keycloak libraries. In<br>
>> Python I won't have them. What are the APIs on Keycloak I can use to verify<br>
>> an access token? Furthermore, are you aware of any classes like<br>
>> RSATokenVerifier for python? I saw it being used here:<br>
>><br>
>><br>
>><br>
>> <a href="https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java#L319" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java#L319</a><br>
>><br>
>> Thanks,<br>
>><br>
>><br>
>> Vinay Anantharaman<br>
>><br>
>> _______________________________________________<br>
>> keycloak-dev mailing list<br>
>> <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
>> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
> _______________________________________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
><br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Vinay Anantharaman</div>
</div>