<div dir="ltr">You can tweak what goes into the access token through protocol mappers for a client or client template, so you need to write your own spec for how your own tokens look like. </div><div class="gmail_extra"><br><div class="gmail_quote">On 19 April 2016 at 11:26, Simon Gordon <span dir="ltr"><<a href="mailto:dev@sgordon.totalise.co.uk" target="_blank">dev@sgordon.totalise.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all<br>
<br>
I'm looking at the future of our architecture, including how we secure APIs<br>
(Resource Servers) and more.<br>
<br>
It is important that any authorisation services we provide have versioned<br>
and 'managed' endpoint interfaces, such that compatibility is maintained<br>
across the lifecycle of the authorisation service (patches and upgrades).<br>
Since our Resource Servers could be 'anything', we can't rely upon handing<br>
out particular libraries for those resource servers to use to integrate<br>
with the AS - that would be awful to manage across a large estate of<br>
services anyway.<br>
<br>
As I see it, I can mandate that Resource Servers use OAuth 2, so many<br>
issues go away - but the critical item for maintaining compatibility is the<br>
Access Token - when we implement the AS, a key deliverable to our RS<br>
partners will be a technical specification of the Access Token.<br>
<br>
Does a technical specification of the Access Token exist? What is the<br>
policy with regards to compatibility of the Access Token across<br>
versions/patches of KeyCloak?<br>
<br>
(I could fall back to the Token Info endpoint - but again, that needs to<br>
maintain compatibility across releases)<br>
<br>
Thanks!<br>
<br>
Simon<br>
<br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div><br></div>