[keycloak-user] Token Validation
Thomas Raehalme
thomas.raehalme at aitiofinland.com
Thu Dec 17 05:22:08 EST 2015
On Thu, Dec 17, 2015 at 11:51 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:
>
> On 11 December 2015 at 15:28, Bill Burke <bburke at redhat.com> wrote:
>
>> You want to write a PHP adapter? You can either validate the token
>> yourself, or invoke the Keycloak REst service to validate it for you.
>>
>> Keycloak tokens are Json Web Signatures (JWS).
>>
>> https://tools.ietf.org/html/rfc7515
>>
>> The content of this signature is a Keycloak extension of Json Web Token:
>>
>> http://jwt.io/
>>
>> We have all the standard fields, with additional ones for role mappings
>> and group membership depending on how you've configured the client in
>> the admin console.
>>
>> As for CORS this is something your PHP adapter has to handle. You can
>> configure the Keycloak token to embed what origins are allowed, but the
>> adapter has to handle setting all the appropriate headers.
>>
>> BTW, we would definitely welcome a PHP adapter contribution!
>>
>
> +1000 Anyone interested in contributing this, ping us and we will help as
> much as we can :)
>
Here is something I contributed to PHP League's OAuth 2.0 Client while
doing a PoC for a customer:
https://github.com/stevenmaguire/oauth2-keycloak
I don't really work with PHP so I didn't have a chance to take it any
further.
Don't know if it's of any use, but please feel free to use it if it is.
Best regards,
Thoams
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151217/58cb9177/attachment.html
More information about the keycloak-user
mailing list