<div dir="ltr"><div><br></div><div><br></div><div class="gmail_extra"><div class="gmail_quote">On Thu, Dec 17, 2015 at 11:51 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class="">On 11 December 2015 at 15:28, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">You want to write a PHP adapter? You can either validate the token<br>
yourself, or invoke the Keycloak REst service to validate it for you.<br>
<br>
Keycloak tokens are Json Web Signatures (JWS).<br>
<br>
<a href="https://tools.ietf.org/html/rfc7515" rel="noreferrer" target="_blank">https://tools.ietf.org/html/rfc7515</a><br>
<br>
The content of this signature is a Keycloak extension of Json Web Token:<br>
<br>
<a href="http://jwt.io/" rel="noreferrer" target="_blank">http://jwt.io/</a><br>
<br>
We have all the standard fields, with additional ones for role mappings<br>
and group membership depending on how you've configured the client in<br>
the admin console.<br>
<br>
As for CORS this is something your PHP adapter has to handle. You can<br>
configure the Keycloak token to embed what origins are allowed, but the<br>
adapter has to handle setting all the appropriate headers.<br>
<br>
BTW, we would definitely welcome a PHP adapter contribution!<br></blockquote><div><br></div></span><div>+1000 Anyone interested in contributing this, ping us and we will help as much as we can :)</div></div></div></div></blockquote><div><br></div><div>Here is something I contributed to PHP League's OAuth 2.0 Client while doing a PoC for a customer:</div><div><a href="https://github.com/stevenmaguire/oauth2-keycloak">https://github.com/stevenmaguire/oauth2-keycloak</a><br></div><div><br></div><div>I don't really work with PHP so I didn't have a chance to take it any further.</div><div><br></div><div>Don't know if it's of any use, but please feel free to use it if it is.</div><div><br></div><div>Best regards,</div><div>Thoams</div><div><br></div><div><br></div><div><br></div></div>
</div></div>