<div dir="ltr">Thanks Stian, got it to work.<div><br></div><div>Strangely enough, this validation endpoint is not returned in the Keycloak response on /auth/realms/[realm]/.well-known/openid-configuration. Also, I tried to find any standard reference in the OpenID Connect 1.0 specification and there is no mention of this mechanism. So I assume it's not a standard OpenID method, right?</div><div><br></div><div>Kind Regards,</div><div>Niels</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 2, 2015 at 5:40 PM, Stian Thorgersen <span dir="ltr">&lt;<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Keycloak has an endpoint to verify a token. The URL is:<br>
<br>
/auth/realms/&lt;realm&gt;/protocol/openid-connect/validate<br>
<br>
It takes a single query_param 'access_token'. If the token is valid, the response will be the token as a JSON document; otherwise it'll return an error.<br>
<div><div class="h5"><br>
----- Original Message -----<br>
> From: "Niels Bertram" &lt;<a href="mailto:nielsbne@gmail.com">nielsbne@gmail.com</a>&gt;<br>
> To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Monday, 29 June, 2015 5:30:51 PM<br>
> Subject: [keycloak-user] keycloak 1.3.1 OpenID Connect token introspection url<br>
><br>
> Hi there,<br>
><br>
> I am trying to configure a server side (RP) client which requires a JWT<br>
> introspection URL on the OP. I tried to find such an endpoint on the Keycloak<br>
> server to no avail, nor did I actually find any URL of type<br>
> "introspect" in the OpenID Connect Specification.<br>
><br>
> Does anyone know if/how an OAuth2 client can validate a JWT token via a back<br>
> channel with the Keycloak server?<br>
><br>
> The client I am trying to configure is the MITREid client as per<br>
> <a href="https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Token-Introspecting-Client-Config" rel="noreferrer" target="_blank">https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Token-Introspecting-Client-Config</a><br>
><br>
> Looking at the code, the client will issue a post to the introspection<br>
> endpoint with some form data:<br>
><br>
> POST /auth/realms/myrealm/protocol/openid-connect/introspect HTTP/1.1<br>
> Host: localhost:8080<br>
> Cache-Control: no-cache<br>
> Content-Type: application/x-www-form-urlencoded<br>
><br>
> client_id=myapp&client_secret=mysupersecret&token=eyJhbGciO[truncated but<br>
> valid access token]<br>
><br>
> Any pointers are much appreciated.<br>
><br>
> Kind Regards,<br>
> Niels<br>
</div></div>
</blockquote></div><br></div>
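An added example (not part of the original thread, and not Keycloak or MITREid code) of calling the validation endpoint Stian describes, including translating the form body the MITREid client POSTs into the single `access_token` query parameter. Treating any non-200 status, non-JSON body, or JSON body with an `error` key as "invalid" is an assumption, since the thread does not show the error format; all function names are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Path as given in the thread; {realm} stands for the realm name.
VALIDATE_PATH = "/auth/realms/{realm}/protocol/openid-connect/validate"

def build_validate_url(base_url, realm, access_token):
    """Build the GET URL; the token is percent-encoded, never concatenated raw."""
    path = VALIDATE_PATH.format(realm=urllib.parse.quote(realm, safe=""))
    query = urllib.parse.urlencode({"access_token": access_token})
    return base_url.rstrip("/") + path + "?" + query

def form_to_validate_url(base_url, realm, form_body):
    """Map the introspection-style form (client_id, client_secret, token)
    onto the validate URL. Only 'token' is forwarded, so the client secret
    never ends up in a query string, which access logs commonly record."""
    fields = urllib.parse.parse_qs(form_body, strict_parsing=True)
    tokens = fields.get("token", [])
    if len(tokens) != 1:
        raise ValueError("expected exactly one 'token' field")
    return build_validate_url(base_url, realm, tokens[0])

def parse_validate_response(status, body):
    """Return the token claims as a dict if valid, otherwise None (fail closed).
    Assumption: an invalid token shows up as a non-200 status or an 'error' key."""
    if status != 200:
        return None
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict) or "error" in doc:
        return None
    return doc

def validate_token(base_url, realm, access_token, timeout=5):
    """Back-channel check against the server; connection errors propagate."""
    url = build_validate_url(base_url, realm, access_token)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return parse_validate_response(resp.status, resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        return parse_validate_response(exc.code, exc.read().decode("utf-8", "replace"))
```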