[keycloak-user] OAuth token introspection
Stian Thorgersen
sthorger at redhat.com
Fri Feb 3 03:43:11 EST 2017
1 looks like a bug and it simply has the wrong name.
2 scope is optional and we don't support this at the moment
On 27 January 2017 at 05:52, Jason B <jason at naidmincloud.com> wrote:
> Hi,
>
> I am trying to understand the OAuth 2.0 capabilities of Keycloak server and
> I have a few questions with respect to the implementation of the OAuth
> introspection spec.
>
> This is what a sample introspection response looks like:
>
> {
>   "jti": "7e0a2c4b-9725-432b-a0fd-594f21686108",
>   "exp": 1485492229,
>   "nbf": 0,
>   "iat": 1485491929,
>   "iss": "http://localhost:8080/auth/realms/nkadali",
>   "aud": "proxy",
>   "sub": "e89175d5-94fd-453a-8abb-9953d59d04cf",
>   "typ": "Bearer",
>   "azp": "proxy",
>   "auth_time": 1485487408,
>   "session_state": "c05ea410-6f0a-458d-9b2c-debafba732b7",
>   "name": "",
>   "preferred_username": "jason",
>   "acr": "0",
>   "client_session": "5d761332-97eb-404d-8624-3de4eca967cd",
>   "allowed-origins": [],
>   "realm_access": {
>     "roles": [
>       "uma_authorization"
>     ]
>   },
>   "resource_access": {
>     "account": {
>       "roles": [
>         "manage-account",
>         "view-profile"
>       ]
>     }
>   },
>   "client_id": "proxy",
>   "username": "jason",
>   "active": true
> }
>
>
> I have two questions based on this response.
>
> 1. According to the OAuth 2.0 Token Introspection (
>    https://tools.ietf.org/html/rfc7662) the JSON response body may contain
>    a "token_type" member. But why is Keycloak representing "token_type" as
>    "typ"? Is there any specific reason?
> 2. I don't see any "scope" attribute in the response body even though I
>    supplied a scope parameter while requesting the access token. Any
>    idea on how to get the scopes associated with the supplied access token?
>
>
> Thanks!
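
For a resource server that consumes this response, the following added example (not from the thread and not Keycloak code) validates an RFC 7662 introspection result while tolerating the two differences discussed above: the token type arriving as "typ" and the "scope" member being absent. The function name, exception class, 30-second leeway and mandatory audience check are assumptions of the example.

```python
import time

class InactiveToken(Exception):
    """Raised when the introspected token must not be accepted."""

def check_introspection(resp, audience, required_scopes=(), now=None, leeway=30):
    """Validate an RFC 7662 introspection response; return normalized claims."""
    now = time.time() if now is None else now
    # RFC 7662: "active" is the only REQUIRED member; accept only boolean true.
    if resp.get("active") is not True:
        raise InactiveToken("token is not active")
    exp, nbf = resp.get("exp"), resp.get("nbf")
    if exp is not None and now > exp + leeway:
        raise InactiveToken("token expired")
    if nbf and now + leeway < nbf:  # the quoted response carries nbf = 0
        raise InactiveToken("token not yet valid")
    # "aud" may be a single string or a list of strings.
    aud = resp.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if audience not in aud:
        raise InactiveToken("audience mismatch")
    # RFC 7662 names the member "token_type"; the quoted response uses "typ".
    token_type = resp.get("token_type") or resp.get("typ")
    # "scope" is OPTIONAL and space-separated. If it is absent, no scope is
    # proven, so any scope requirement fails closed.
    scopes = set((resp.get("scope") or "").split())
    missing = set(required_scopes) - scopes
    if missing:
        raise InactiveToken("missing scopes: " + " ".join(sorted(missing)))
    return {"sub": resp.get("sub"), "client_id": resp.get("client_id"),
            "token_type": token_type, "scopes": scopes}

# Trimmed copy of the introspection response quoted in this thread.
SAMPLE = {"exp": 1485492229, "nbf": 0, "iat": 1485491929, "aud": "proxy",
          "sub": "e89175d5-94fd-453a-8abb-9953d59d04cf", "typ": "Bearer",
          "client_id": "proxy", "username": "jason", "active": True}

if __name__ == "__main__":
    # Evaluate at a time inside the token's iat..exp window.
    print(check_introspection(SAMPLE, "proxy", now=1485492000))
```

Because the response carries no "scope", a resource server that authorizes on scopes has to fall back to another claim such as the roles under "realm_access" or "resource_access", or reject the request as this example does.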