<div dir="ltr">Thanks! I really appreciate you guys helping me out with integrating Keycloak.<div><br></div><div><br></div><div>Vinay</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 17, 2015 at 4:01 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
----- Original Message -----<br>
> From: "Vinay Anantharaman" <<a href="mailto:vinayan3@gmail.com">vinayan3@gmail.com</a>><br>
</span><span class="">> To: "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>><br>
> Cc: <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> Sent: Friday, 14 August, 2015 9:42:39 PM<br>
> Subject: Re: [keycloak-dev] Implementing database-service example in Python<br>
><br>
> I'll be looking into this and will report back if a library exists for Python<br>
> to read JWT tokens.<br>
><br>
> I was wondering is there an API on the KeyCloak server for doing JWT token<br>
> verification? Or rather should we decode the token and use the REST admin<br>
> endpoints if we need to query more information?<br>
<br>
</span>There is a rest endpoint that can be used to verify a token, but that requires a request to KC. As the token is signed it's better to just check it locally as it reduces the amount of request to Keycloak.<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
><br>
> Vinay<br>
><br>
> On Thu, Aug 13, 2015 at 9:05 AM, Bill Burke < <a href="mailto:bburke@redhat.com">bburke@redhat.com</a> > wrote:<br>
><br>
><br>
> If you're interested in becoming a contributor Vinay, this would be a<br>
> very useful extension!<br>
><br>
> BTW, we also have a "lightweight" Java Security HTTP Proxy based on<br>
> Undertow that you can use to secure python apps.<br>
><br>
> On 8/13/2015 2:00 AM, Stian Thorgersen wrote:<br>
> > Afraid we don't have any libraries for Python yet.<br>
> ><br>
> > Simply verifying the token should be relatively straight forward though.<br>
> > It's a standard JWT token (base64 encoded json) with a JWS signature. You<br>
> > can look at RSATokenVerifier to see what details should be verified<br>
> > (expiration date, issuer, etc..). You also need to verify the signature.<br>
> > There may quite likely be JWT libraries for Python you can use.<br>
> ><br>
> > ----- Original Message -----<br>
> >> From: "Vinay Anantharaman" < <a href="mailto:vinayan3@gmail.com">vinayan3@gmail.com</a> ><br>
> >> To: <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> >> Sent: Thursday, 13 August, 2015 12:21:01 AM<br>
> >> Subject: [keycloak-dev] Implementing database-service example in Python<br>
> >><br>
> >> Hi,<br>
> >> I'm trying to implement the example database service from Python. The<br>
> >> description is here:<br>
> >><br>
> >><br>
> >><br>
> >> <a href="https://github.com/keycloak/keycloak/tree/master/examples/demo-template" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/demo-template</a><br>
> >><br>
> >> Our backend service is contacted directly by clients with an access token<br>
> >> from the Keycloak server. We would like to verify access tokens are and<br>
> >> then<br>
> >> return some data they need. I was looking at the code here:<br>
> >><br>
> >><br>
> >><br>
> >> <a href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/database-" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/database-</a><br>
> >> service/src/main/java/org/keycloak/example/oauth/CustomerService.java<br>
> >><br>
> >> In Java this seems quite trivial with the support of Keycloak libraries.<br>
> >> In<br>
> >> Python I won't have them. What are the APIs on Keycloak I can use to<br>
> >> verify<br>
> >> an access token? Furthermore, are you aware of any classes like<br>
> >> RSATokenVerifier for python? I saw it being used here:<br>
> >><br>
> >><br>
> >><br>
> >> <a href="https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java#L319" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java#L319</a><br>
> >><br>
> >> Thanks,<br>
> >><br>
> >><br>
> >> Vinay Anantharaman<br>
> >><br>
> >> _______________________________________________<br>
> >> keycloak-dev mailing list<br>
> >> <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> >> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
> > _______________________________________________<br>
> > keycloak-dev mailing list<br>
> > <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
> ><br>
><br>
> --<br>
> Bill Burke<br>
> JBoss, a division of Red Hat<br>
> <a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
> _______________________________________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
><br>
><br>
><br>
> --<br>
> Vinay Anantharaman<br>
><br>
> _______________________________________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Vinay Anantharaman</div>
</div>