[keycloak-user] Verifying Bearer Tokens in Vert.x

Nils Preusker n.preusker at gmail.com
Thu Jan 30 03:50:55 EST 2014


Hey Stian, thanks for the link, that's exactly what I was looking for!


On Wed, Jan 29, 2014 at 5:53 PM, Stian Thorgersen <stian at redhat.com> wrote:

> Have a look at:
>
>
> https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java#L146
>
> ----- Original Message -----
> > From: "Bill Burke" <bburke at redhat.com>
> > To: keycloak-user at lists.jboss.org
> > Sent: Wednesday, 29 January, 2014 4:05:58 PM
> > Subject: Re: [keycloak-user] Verifying Bearer Tokens in Vert.x
> >
> >
> >
> > On 1/29/2014 10:58 AM, Nils Preusker wrote:
> > > Hi everybody,
> > >
> > > we are developing an application that consists of several REST
> > > web-applications written with different application frameworks (Java EE
> > > 6/ JBoss AS and Vert.x). So far we are using
> > > org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve
> > > from the skeleton-key-as7 template (which as far as I can see, keycloak
> > > is based on?) as an OAuth provider and just add bearer tokens to the
> > > authentication headers of the HTTP requests between the modules.
> > >
> > > One of the really nice features for us is that the role mapping of users
> > > is included in the tokens (which is also described in the keycloak docs
> > > with a reference to JSON Web Tokens).
> > >
> > > Now the modules that are deployed to JBoss AS transparently verify the
> > > bearer tokens and RESTEasy even takes care of adding the username and
> > > the user roles to the HttpServletRequest which also allows us to use
> > > @RolesAllowed (very convenient!).
> > >
> > > What I'm wondering now is whether there is an easy way of adding
> > > validation and decoding of bearer tokens to Vert.x modules. Ideally, I
> > > would like to be able to add a jar dependency that provides me with a
> > > few methods to validate the token (make sure it is a real token, hasn't
> > > been modified and didn't expire...) and extract the user and roles from
> > > it. Since a private key is needed, I guess I would add a json config
> > > file or even just pass the required values to the API directly.
> > >
> >
> > Don't know anything about vert.x, but if you use the keycloak-core
> > module, it has all the code needed to unmarshal and verify the token.
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
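The checks asked about in the thread (well-formed token, unmodified, not expired, then user and roles), sketched for an RS256-signed JWT as an added example; it is not part of the thread and not Keycloak's own code, since keycloak-core ships its own verifier. Assumptions: Vert.x 3 or later on the classpath for `io.vertx.core.json.JsonObject`, a hypothetical class name `BearerTokenCheck`, the claim names `preferred_username` and `realm_access.roles`, and a verifier that holds the realm's public key.

```java
import io.vertx.core.json.JsonObject;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class BearerTokenCheck {
    // Returns the claims if signature and expiry check out; throws otherwise.
    static JsonObject verify(String token, PublicKey realmKey, long nowSec)
            throws GeneralSecurityException {
        String[] p = token.split("\\.", -1);
        if (p.length != 3) throw new SecurityException("not a compact JWS");
        Base64.Decoder dec = Base64.getUrlDecoder();
        JsonObject header = new JsonObject(new String(dec.decode(p[0]), StandardCharsets.UTF_8));
        // Pin the algorithm; the token must not get to pick "none" or an HMAC.
        if (!"RS256".equals(header.getString("alg"))) throw new SecurityException("unexpected alg");
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(realmKey);
        sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!sig.verify(dec.decode(p[2]))) throw new SecurityException("bad signature");
        // Read claims only after the signature has been accepted.
        JsonObject claims = new JsonObject(new String(dec.decode(p[1]), StandardCharsets.UTF_8));
        Long exp = claims.getLong("exp");
        if (exp == null || exp <= nowSec) throw new SecurityException("expired or no exp");
        return claims;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair stands in for the realm key,
        // and the claim names are assumed, not taken from the thread.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        long now = System.currentTimeMillis() / 1000;
        String head = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString(("{\"preferred_username\":\"alice\",\"exp\":" + (now + 60)
                + ",\"realm_access\":{\"roles\":[\"user\"]}}").getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update((head + "." + body).getBytes(StandardCharsets.US_ASCII));
        String sigPart = enc.encodeToString(s.sign());
        JsonObject claims = verify(head + "." + body + "." + sigPart, kp.getPublic(), now);
        System.out.println(claims.getString("preferred_username") + " " + claims.getJsonObject("realm_access").getJsonArray("roles"));
        // The original signature over an edited payload (role changed) must be rejected.
        String edited = enc.encodeToString("{\"exp\":9999999999,\"realm_access\":{\"roles\":[\"admin\"]}}".getBytes(StandardCharsets.UTF_8));
        try { verify(head + "." + edited + "." + sigPart, kp.getPublic(), now); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

A deployment would also compare the issuer and audience claims against the values it expects before trusting the roles.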

