<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 11 December 2015 at 15:28, Bill Burke <span dir="ltr">&lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You want to write a PHP adapter? You can either validate the token<br>
yourself, or invoke the Keycloak REST service to validate it for you.<br>
<br>
Keycloak tokens are JSON Web Signatures (JWS).<br>
<br>
<a href="https://tools.ietf.org/html/rfc7515" rel="noreferrer" target="_blank">https://tools.ietf.org/html/rfc7515</a><br>
<br>
The content of this signature is a Keycloak extension of JSON Web Token:<br>
<br>
<a href="http://jwt.io/" rel="noreferrer" target="_blank">http://jwt.io/</a><br>
<br>
We have all the standard fields, with additional ones for role mappings<br>
and group membership depending on how you've configured the client in<br>
the admin console.<br>
<br>
As for CORS this is something your PHP adapter has to handle. You can<br>
configure the Keycloak token to embed what origins are allowed, but the<br>
adapter has to handle setting all the appropriate headers.<br>
<br>
BTW, we would definitely welcome a PHP adapter contribution!<br></blockquote><div><br></div><div>+1000 Anyone interested in contributing this, ping us and we will help as much as we can :)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div class="h5"><br>
On 12/11/2015 3:30 AM, Brian Thai wrote:<br>
> Hi All,<br>
><br>
> I have just started to work with Keycloak 1.7.0 and I have a PHP REST<br>
> service that I want to write an adapter for. I have read the docs and<br>
> the code but I don't understand how the token is validated from the REST<br>
> service.<br>
><br>
> I understand that with a JS client they would be redirected to Keycloak<br>
> to obtain an access token which will be passed to my REST API. At that<br>
> point I should validate the token, and I see that Keycloak provides a<br>
> REST endpoint for validation:<br>
> <a href="http://docs.jboss.org/keycloak/docs/1.0-rc-1/rest-api/realms/%7Brealm%7D/tokens/validate/index.html" rel="noreferrer" target="_blank">http://docs.jboss.org/keycloak/docs/1.0-rc-1/rest-api/realms/%7Brealm%7D/tokens/validate/index.html</a><br>
><br>
> I get held up by CORS because the realm itself does not have<br>
> configuration for setting the 'Access-Control-Allow-Origin' header. Can<br>
> anyone point me in the right direction?<br>
><br>
> Thanks,<br>
> -Brian<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
</font></span></blockquote></div><br></div></div>
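<div>The "validate the token yourself" option and the CORS handling discussed in this thread, as an added PHP example that is not code from Keycloak or from anyone in the thread. It assumes an RS256-signed token and the claim names <code>allowed-origins</code> and <code>realm_access</code>, which the thread does not spell out; the key pair, issuer URL and origins are constructed sample values standing in for the realm's own.</div>

```php
<?php
// Added example: validate a compact JWS (RFC 7515) locally, then derive the CORS origin.
function b64url_decode(string $s): string {
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns the claims array, or throws if the token must be rejected.
function validate_token(string $jwt, string $realmPublicKeyPem, string $issuer, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('not a compact JWS');
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm; never let the token header choose it.
    if (($header['alg'] ?? null) !== 'RS256') throw new RuntimeException('unexpected alg');
    // The signature covers the encoded header and payload exactly as received.
    if (openssl_verify("$h.$p", b64url_decode($s), $realmPublicKeyPem, OPENSSL_ALGO_SHA256) !== 1)
        throw new RuntimeException('bad signature');
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims)) throw new RuntimeException('bad payload');
    if (($claims['iss'] ?? null) !== $issuer) throw new RuntimeException('wrong issuer');
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) throw new RuntimeException('expired');
    return $claims;
}

// CORS: echo the request Origin only when the signed token lists it (assumed claim name).
function cors_origin_for(array $claims, ?string $origin): ?string {
    $allowed = $claims['allowed-origins'] ?? [];
    return ($origin !== null && in_array($origin, $allowed, true)) ? $origin : null;
}

// --- Constructed sample: throwaway key and token standing in for the realm's ---
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$iss = 'https://sso.example.test/auth/realms/demo';
$h = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
$p = b64url_encode(json_encode(['iss' => $iss, 'exp' => time() + 300,
    'allowed-origins' => ['https://app.example.test'], 'realm_access' => ['roles' => ['user']]]));
openssl_sign("$h.$p", $sig, $key, OPENSSL_ALGO_SHA256);

$claims = validate_token("$h.$p." . b64url_encode($sig), $pub, $iss, time());
var_dump(cors_origin_for($claims, 'https://app.example.test'));   // listed origin
var_dump(cors_origin_for($claims, 'https://other.example.test')); // unlisted origin
// Same signature over an altered payload must be rejected.
$forged = "$h." . b64url_encode(json_encode(['iss' => $iss, 'exp' => time() + 300])) . '.' . b64url_encode($sig);
try { validate_token($forged, $pub, $iss, time()); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```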