[keycloak-user] Verifying Bearer Tokens in Vert.x

Stian Thorgersen stian at redhat.com
Wed Jan 29 11:53:01 EST 2014


Have a look at:

https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java#L146

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-user at lists.jboss.org
> Sent: Wednesday, 29 January, 2014 4:05:58 PM
> Subject: Re: [keycloak-user] Verifying Bearer Tokens in Vert.x
> 
> 
> 
> On 1/29/2014 10:58 AM, Nils Preusker wrote:
> > Hi everybody,
> >
> > we are developing an application that consists of several REST
> > web-applications written with different application frameworks (Java EE
> > 6/ JBoss AS and Vert.x). So far we are
> > using org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve
> > from the skeleton-key-as7 template (which as far as I can see, keycloak
> > is based on?) as an OAuth provider and just add bearer tokens to the
> > authentication headers of the HTTP requests between the modules.
> >
> > One of the really nice features for us is that the role mapping of users
> > is included in the tokens (which is also described in the keycloak docs
> > with a reference to JSON Web Tokens).
> >
> > Now the modules that are deployed to JBoss AS transparently verify the
> > bearer tokens and RESTEasy even takes care of adding the username and
> > the user roles to the HttpServletRequest which also allows us to use
> > @RolesAllowed (very convenient!).
> >
> > What I'm wondering now is whether there is an easy way of adding
> > validation and decoding of bearer tokens to Vert.x modules. Ideally, I
> > would like to be able to add a jar dependency that provides me with a
> > few methods to validate the token (make sure it is a real token, hasn't
> > been modified and didn't expire...) and extract the user and roles from
> > it. Since a private key is needed, I guess I would add a json config
> > file or even just pass the required values to the API directly.
> >
> 
> Don't know anything about vert.x, but if you use the keycloak-core
> module, it has all the code needed to unmarshal and verify the token.
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 
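
The checks the question lists (well-formed token, unmodified, not expired, then read the claims), as an added example that is not code from this thread or from keycloak-core. It assumes an RS256-signed compact JWT and uses only the JDK (Java 8+); the class name, the constructed token with its `roles` claim, and the regex lookups standing in for a real JSON parser are assumptions of the example. Verifying an RS256 signature needs only the issuer's public key.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class BearerTokenCheck {
    static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"RS256\"");
    static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");

    /** Returns the payload JSON only if signature and expiry check out; throws otherwise. */
    static String verify(String token, PublicKey realmKey, long nowSec) throws GeneralSecurityException {
        String[] p = token.split("\\.", -1);
        if (p.length != 3) throw new SecurityException("not a compact JWS");
        Base64.Decoder dec = Base64.getUrlDecoder();
        String header = new String(dec.decode(p[0]), StandardCharsets.UTF_8);
        // Pin the algorithm: the token must not choose it (rejects "none" and HMAC variants).
        if (!ALG.matcher(header).find()) throw new SecurityException("unexpected alg");
        Signature rsa = Signature.getInstance("SHA256withRSA");
        rsa.initVerify(realmKey); // the public key is enough to verify
        rsa.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!rsa.verify(dec.decode(p[2]))) throw new SecurityException("bad signature");
        // Only after the signature check is the payload safe to read claims from.
        String payload = new String(dec.decode(p[1]), StandardCharsets.UTF_8);
        Matcher exp = EXP.matcher(payload);
        if (!exp.find() || Long.parseLong(exp.group(1)) <= nowSec) throw new SecurityException("expired");
        return payload;
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed key pair, stands in for the issuer's
        long now = System.currentTimeMillis() / 1000;
        String head = b64("{\"alg\":\"RS256\"}"); // constructed sample token follows
        String signed = head + "." + b64("{\"sub\":\"alice\",\"exp\":" + (now + 60) + ",\"roles\":[\"user\"]}");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(signed.getBytes(StandardCharsets.US_ASCII));
        String token = signed + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
        System.out.println("valid: " + verify(token, kp.getPublic(), now));
        try { verify(token.replace(head, b64("{\"alg\":\"RS256\" }")), kp.getPublic(), now); }
        catch (SecurityException e) { System.out.println("tampered: " + e.getMessage()); }
        try { verify(token, kp.getPublic(), now + 3600); }
        catch (SecurityException e) { System.out.println("stale: " + e.getMessage()); }
    }
}
```

In a deployed module the public key would be loaded from configuration rather than generated, and the claims parsed with a JSON library.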

