[keycloak-user] Validate Implicit token

Bill Burke bburke at redhat.com
Tue Jul 26 10:49:51 EDT 2016


I would use keycloak.js adapter with auth-code flow.  I personally don't 
like implicit flow for a number of reasons:

* access tokens get stored in browser history

* You have to perform the whole redirect dance when the access token expires

As far as Tomcat goes, we have an adapter for various Tomcat versions.  
These Tomcat instances would probably use bearer tokens to be secured.  
So, the JavaScript app uses keycloak.js to obtain the token.  REST 
invocations to Tomcat are secured by a bearer token. Tomcat app has a 
Keycloak adapter installed to be able to verify access tokens.


On 7/26/16 9:03 AM, Mohan.Radhakrishnan at cognizant.com wrote:
>
> Hi,
>
>         I have the standalone keycloak server issuing tokens. Client 
> is going to be JavaScript. I enabled ‘implicit’ and issued
>
> http://localhost:8080/auth/realms/MyRealm/protocol/openid-connect/auth?response_type=id_token%20token&redirect_uri=http%3A%2F%2Flocalhost:8000%2F&realm= 
> MyRealm &client_id= MyRealm &scope=user
>
> I get the id_token. I am used to getting the ‘access token’ in other 
> IDP’s. Are they the same in Keycloak ?
>
> How do I verify the token inside my Tomcat ?
>
> In other installations we run the IDP separately. So I am doing the 
> same with Keycloak.
>
> Thanks,
>
> Mohan

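Added example, not part of the original thread and not the Keycloak adapter's own code: the checks a resource server applies to a bearer access token before serving a REST call (pinned RS256 signature, issuer, expiry). The key pair, `signToken` and `verifyBearer` are constructed for illustration, and the issuer URL assumes the `MyRealm` realm from the question.

```javascript
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Constructed stand-in for the realm key pair. A real resource server holds
// only the realm's public key; the private key never leaves the IdP.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'http://localhost:8080/auth/realms/MyRealm'; // assumed from the thread's URL

// Helper that mints constructed sample tokens so the verifier can be exercised offline.
function signToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const signingInput = `${b64url(header)}.${b64url(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Validate the value of an Authorization header; returns {ok, reason|claims}.
function verifyBearer(authorizationHeader, nowSeconds = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]*)$/.exec(authorizationHeader || '');
  if (!m) return { ok: false, reason: 'malformed' };
  const [, h, p, s] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm: the token header must not be allowed to choose it ("none", HS256, ...).
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  // Claims are trusted only after the signature check has passed.
  if (claims.iss !== ISSUER) return { ok: false, reason: 'bad-issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}
```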