----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Thursday, February 26, 2015 12:42:19 PM
Subject: [keycloak-dev] apps access to and refresh of facebook tokens
At least for openid connect, I think we hashed this through on our dev
call today.
* There will be a Protocol Claim Mapper that can add a facebook token
and expiration claim to the application's access token.
I would create a specific claim set for that instead of individual claims. Something like:
"k_act" : {
    "identity-provider": {
        "id" : "facebook",
        "access_token": "12312312",
        "expires": "12312321"
    }
}
(k_act : keycloak authentication context)
That way we can use this k_act to exchange information regarding the authentication
context when issuing access tokens or even id tokens.
* the refreshToken endpoint will accept a "scope" parameter. The
application can then request the refresh of any external token by
specifying this token in the "scope" parameter.
I was thinking about adding a refreshToken endpoint to the identity broker. Isn't
that better?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com