Re: [Aerogear-users] Keycloak - validate token on server

I ended up forking aerogear and merging in an unmerged PR that exposed Safari View Controller (I am targeting iOS 9+) and then also modified to allow for passing of kc_idp_hint. https://github.com/drouillard/aerogear-ios-oauth2 It is nice and clean and avoids the user experience issues that motivated my original question. E.g. embedded views dont work with Google sign-in and the external safari makes user answer an additional prompt (Open in 'app name') plus risks leaving them in no-persons land if they cancel. For my active account question I likely can just use the Admin API can check outright for if user is enabled. Still researching best Java client to use in my case as it seems like i am in a bearer-only situation. The aerogear code is easier to follow as there is not intermixing of session/server logic like the servlet examples I have seen. Verifying the JWT on local server is easy and likely good enough but I believe there should be a way to verify it with the keycloak server if desired using certificates/possibly open-id end points. I am working in a high fraud situation so need all options available. Will update this thread as they appear in Google search results. On Wed, May 31, 2017 at 2:36 PM, Doug Drouillard < douglas.drouillard(a)gmail.com&gt; wrote: