[keycloak-user] token introspection
Bill Burke
bburke at redhat.com
Tue Aug 8 10:28:37 EDT 2017
Doesn't look like the switch is hooked up to anything. As it is, it
looks like this switch was added for RPT validation, not access token
validation, and not ever implemented. You just want the adapter to
validate the access token with the auth server for bearer token
requests, right?
On 8/8/17 9:29 AM, Bill Burke wrote:
> I'm looking at the code on server and I dont' see that it requires any
> special switch to use it. The endpoint is:
>
> @Post
>
> /auth/realms/{realm}/protocol/openid-connect/token/introspect
>
> Takes form params.
>
> token
>
> token_type_hint (optional and defaults to "access_token")
>
>
>
>
>
> On 8/8/17 4:31 AM, Simon Payne wrote:
>> after some debugging i figured that
>> keycloak.policy-enforcer-config.online-introspection=true switched on this
>> functionality, however it appears to error on a 400 after making a call to
>> the /auth/realms/master/protocol/openid-connect/token endpoint.
>>
>> I'm assuming this is a bug?
>>
>> Thanks
>>
>>
>>
>> On Mon, Aug 7, 2017 at 3:10 PM, Simon Payne <simonpayne58 at gmail.com> wrote:
>>
>>> Hi All,
>>>
>>> I'm evaluating keycloak and i'm currently looking at token introspection.
>>>
>>> I've managed to achieve this manually, i.e. by sending a post via postman,
>>> but i'm unable to figure out whether this can be achieved via the keycloak
>>> adapters, specifically spring boot.
>>>
>>> any help in this area would be appreciated.
>>>
>>> thanks
>>>
>>> Simon.
>>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list