[keycloak-user] Token Validation

Stian Thorgersen sthorger at redhat.com
Thu Dec 17 04:51:50 EST 2015


On 11 December 2015 at 15:28, Bill Burke <bburke at redhat.com> wrote:

> You want to write a PHP adapter?  You can either validate the token
> yourself, or invoke the Keycloak REST service to validate it for you.
>
> Keycloak tokens are JSON Web Signatures (JWS).
>
> https://tools.ietf.org/html/rfc7515
>
> The content of this signature is a Keycloak extension of JSON Web Token:
>
> http://jwt.io/
>
> We have all the standard fields, with additional ones for role mappings
> and group membership depending on how you've configured the client in
> the admin console.
>
> As for CORS, this is something your PHP adapter has to handle.  You can
> configure the Keycloak token to embed what origins are allowed, but the
> adapter has to handle setting all the appropriate headers.
>
> BTW, we would definitely welcome a PHP adapter contribution!
>

+1000 Anyone interested in contributing this, ping us and we will help as
much as we can :)


>
> On 12/11/2015 3:30 AM, Brian Thai wrote:
> > Hi All,
> >
> > I have just started to work with Keycloak 1.7.0 and I have a PHP REST
> > service that I want to write an adapter for. I have read the docs and
> > the code but I don't understand how the token is validated from the REST
> > service.
> >
> > I understand that with a JS client they would be redirected to Keycloak
> > to obtain an access token which will be passed to my REST API. At that
> > point I should validate the token, and I see that Keycloak provides a
> > REST endpoint for validation:
> >
> > http://docs.jboss.org/keycloak/docs/1.0-rc-1/rest-api/realms/%7Brealm%7D/tokens/validate/index.html
> >
> > I get held up by CORS because the realm itself does not have
> > configuration for setting the 'Access-Control-Allow-Origin' header. Can
> > anyone point me in the right direction?
> >
> > Thanks,
> > -Brian
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
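
The "validate the token yourself" option and the CORS point from the thread, as an added example that is not code from the thread or from the Keycloak project. It assumes the token is signed with RS256 using the realm's RSA key and that the allowed origins are carried in an `allowed-origins` claim; the function names, key, issuer URL and origins are constructed for the demo.

```php
<?php
// Added example: local validation of an RS256-signed JWS access token in PHP.
function b64url_decode(string $s) {
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
// Returns the claims array when the token verifies, null otherwise.
function validate_token(string $jws, string $publicKeyPem, string $issuer, int $now): ?array {
    $parts = explode('.', $jws);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    $claims = json_decode((string) b64url_decode($p), true);
    $sig    = b64url_decode($s);
    if (!is_array($header) || !is_array($claims) || $sig === false) return null;
    // Pin the algorithm (assumed RS256) instead of letting the token header choose it.
    if (($header['alg'] ?? null) !== 'RS256') return null;
    // The signature covers the received "header.payload" text, not re-encoded JSON.
    if (openssl_verify("$h.$p", $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    if (($claims['iss'] ?? null) !== $issuer) return null;
    return $claims;
}
// Value to send as Access-Control-Allow-Origin, or null if the token does not list it.
function cors_origin(array $claims, string $origin): ?string {
    $allowed = $claims['allowed-origins'] ?? [];   // claim name is an assumption
    return is_array($allowed) && in_array($origin, $allowed, true) ? $origin : null;
}

// --- Constructed demo: throwaway key and token, not real Keycloak output ---
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];   // stands in for the realm public key
$iss = 'https://sso.example.test/auth/realms/demo';
$now = time();
$body = b64url_encode(json_encode(['alg' => 'RS256'])) . '.' . b64url_encode(json_encode(
    ['iss' => $iss, 'exp' => $now + 60, 'allowed-origins' => ['https://app.example.test']]));
openssl_sign($body, $sig, $key, OPENSSL_ALGO_SHA256);
$token = "$body." . b64url_encode($sig);

$claims = validate_token($token, $pub, $iss, $now);
var_dump($claims !== null);                                    // freshly signed token
var_dump(cors_origin($claims, 'https://app.example.test'));    // origin listed in the token
var_dump(cors_origin($claims, 'https://other.example.test'));  // origin not listed
var_dump(validate_token($token, $pub, $iss, $now + 3600));     // checked after expiry
[$h, , $s] = explode('.', $token);
$altered = b64url_encode(json_encode(['iss' => $iss, 'exp' => $now + 9999]));
var_dump(validate_token("$h.$altered.$s", $pub, $iss, $now));  // payload changed after signing
```

In an adapter, the public key and issuer would come from the realm's configuration rather than being generated, and the header is only set when `cors_origin` returns a value.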