[keycloak-user] Customize OpenID/OAuth token

Francisco Javier Crujeiras fj.crujeiras at hocelot.com
Mon Dec 3 06:36:42 EST 2018


Thanks for your answer, guys!

Our intentions were not to develop anything (at least for now), but we'll
check the possibility of writing a custom client authenticator.

I will update the thread with updates as soon as possible.

Regards,


On Mon, Dec 3, 2018 at 10:39, Luis Rodríguez Fernández (<
uo67113 at gmail.com>) wrote:

> Hello Francisco,
>
> Perhaps you need to implement your own client authenticator [1]
>
> Hope it helps,
>
> Luis
>
> [1]
> https://www.keycloak.org/docs/latest/server_development/index.html#implement-your-own-client-authenticator
>
> On Sat, Dec 1, 2018 at 13:48, Geoffrey Cleaves (<geoff at opticks.io>)
> wrote:
>
>> I think from my limited knowledge that the OpenId standard dictates the use
>> of JWT tokens, so I would not expect this to be possible.
>>
>> On Fri, Nov 30, 2018, 11:25 Francisco Javier Crujeiras <
>> fj.crujeiras at hocelot.com wrote:
>>
>> > Hi,
>> >
>> > We're thinking of using Keycloak as our main IDP and SSO solution. At this
>> > time, we're using a "custom" IDP server based on Spring and we are
>> > investigating if we can migrate our client database to Keycloak without
>> > disturbing our users.
>> >
>> > So, we have seen that, by default, Keycloak answers a token request with a
>> > complete JWT token, like this one:
>> > {
>> > "access_token":
>> >
>> >
>> "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJEWk4wX1liZUZGNFZMUVdxQ2NWMGFWd0VFbXBlUGlnX1NFaWk3dkozSGRvIn0.eyJqdGkiOiI5YTc4MTY5NC04MGUwLTQ2OTEtOGY3Yi00MzQ5MzA3ZTBkYWIiLCJleHAiOjE1NDM1NzMxMDgsIm5iZiI6MCwiaWF0IjoxNTQzNTcyODA4LCJpc3MiOiJodHRwOi8vMTcyLjE4LjAuMzo4MDgwL2F1dGgvcmVhbG1zL3Rlc3QtcmVhbG0iLCJhdWQiOlsiaHR0K3EySUdZQkFHOHBkTDF4bHF4M0xxa1dtciIsImFjY291bnQiXSwic3ViIjoiYzgxNzYzNjgtMGI5NS00MWFmLTgzZDUtZTk4N2Y0ZWVlYTg3IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiaHR0K3EySUdZQkFHOHBkTDF4bHF4M0xxa1dtciIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjcyZWNiNzk4LWRiNTgtNDE2MS04ZTA5LTRhYWVkYjJlYWI4ZiIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7Imh0dCtxMklHWUJBRzhwZEwxeGxxeDNMcWtXbXIiOnsicm9sZXMiOlsidW1hX3Byb3RlY3Rpb24iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwiY2xpZW50SG9zdCI6IjE3Mi4xOC!
>>  4w!
>> >
>> >
>> LjEiLCJjbGllbnRJZCI6Imh0dCtxMklHWUJBRzhwZEwxeGxxeDNMcWtXbXIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtaHR0K3EyaWd5YmFnOHBkbDF4bHF4M2xxa3dtciIsImNsaWVudEFkZHJlc3MiOiIxNzIuMTguMC4xIiwiZW1haWwiOiJzZXJ2aWNlLWFjY291bnQtaHR0K3EyaWd5YmFnOHBkbDF4bHF4M2xxa3dtckBwbGFjZWhvbGRlci5vcmcifQ.BgF6v7VQGO4vH4Z0VLFZmiO1CARpaoE1V7MjaNIJB85QORfk3L431VFQr3WJdT5ZBeC0Q5mB5LB7f9gLAd2lso4P9AegYAi8PmjJRvI-oL59Qe0PfDn8fjfZdaC8i3K0ZrZNDS9ivTdqL-8Gvq2C1l8x4tZaSxw1Yu8hxrWEfgOfATdn9XL5cbYXWRkm6AoJkVFVd300fPr0k6f67Jb4WOJP72692g8QRTWkqCrZyz0DrJxgg7fSX6M_0bxOa-JOidmGuJIwScciT1b5IVvvcQi3hx4UMwRQFunq1j2T7iRCT_LB99oP480KtoSXyCUS3dDzj6wCp4BEHb5K792isg"
>> > ,
>> > "expires_in": 300,
>> > "refresh_expires_in": 1800,
>> > "refresh_token":
>> >
>> >
>> "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhNmQzZTgzZi1iZGUxLTQ3YjgtYmQ4Yy1hMjVhNDdjMmExZTYifQ.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.WTW9TwMnx4DSzRlLkDj_uXgabFAAUD4wDB5D084GMdY"
>> > ,
>> > "token_type": "bearer",
>> > "not-before-policy": 0,
>> > "session_state": "72ecb798-db58-4161-8e09-4aaedb2eab8f",
>> > "scope": "profile email"
>> > }
>> >
>> > But, we'd like to send a "non-JWT" token, like this one:
>> > {
>> >
>> > "access_token": "laskddjfnasdf7-fas45nfdsa-56kr-8uy7-fasd87fyasdf",
>> > "token_type": "bearer",
>> > "expires_in": 3600,
>> > "scope": "scope-1 scope-2 scope-n"
>> > }
>> >
>> > We're not very experienced in Keycloak and we do not know if this is even
>> > possible, but any help will make us very happy.
>> >
>> > Thanks in advance!
>> >
>> > Regards,
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
>


-- 

Francisco Javier Crujeiras @*DevOps*
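
The two response shapes contrasted in the original question, as an added example that is not part of the thread: a resource server can tell a self-contained JWT access token from an opaque one by structure alone, and the two need different validation paths (local signature and expiry checks for the JWT, a lookup at the authorization server such as RFC 7662 token introspection for the opaque value). The JWT sample is constructed with a placeholder signature, and the function and constant names are assumptions.

```python
import base64
import binascii
import json


def _b64url_json(segment):
    """Decode one unpadded base64url segment (as used in JWS) to a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def describe_access_token(token_response):
    """Classify the access_token of an OAuth 2.0 token response.

    Returns ("jwt", header, claims) for a three-segment token whose header and
    payload decode to JSON objects, otherwise ("opaque", None, None).
    Nothing is verified here: the signature must still be checked against the
    issuer's keys before any claim is trusted.
    """
    parts = token_response["access_token"].split(".")
    if len(parts) == 3:
        try:
            header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
            if isinstance(header, dict) and "alg" in header and isinstance(claims, dict):
                return "jwt", header, claims
        except (ValueError, binascii.Error):
            pass  # not base64url-encoded JSON, so treat it as opaque
    return "opaque", None, None


def _seg(obj):
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed JWT-style response (not the token from the thread).
JWT_RESPONSE = {
    "access_token": ".".join([
        _seg({"alg": "RS256", "typ": "JWT"}),
        _seg({"iss": "http://idp.example/auth/realms/test-realm",
              "exp": 1543573108, "scope": "profile email"}),
        "c2lnbmF0dXJl",  # placeholder, not a real signature
    ]),
    "token_type": "bearer",
    "expires_in": 300,
}
# Opaque-style response in the shape the original question asks for.
OPAQUE_RESPONSE = {
    "access_token": "laskddjfnasdf7-fas45nfdsa-56kr-8uy7-fasd87fyasdf",
    "token_type": "bearer",
    "expires_in": 3600,
    "scope": "scope-1 scope-2 scope-n",
}
```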
