revocation is in
by Bill Burke
You can set up a Not Before policy at the realm or client level. You
have the option to PUSH this value to the client adapters that have an
admin url set up. Not Before policy is also piggybacked with
AccessTokenResponse. Adapters recheck the not before policy before
each request and will force a re-auth if the token is stale.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 11 months
Release March 13th
by Bill Burke
We have enough features for alpha 3 (refresh tokens, realm admin roles,
revocation, and session/login mgmt, and hopefully a bare-bones
multi-tenant adapter). I'd like to release March 13th. Have everything
in by March 11th for testing and building.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 11 months
Support for installed applications
by Stian Thorgersen
For installed applications Google, and at least some others, provide two special redirect_uris:
* urn:ietf:wg:oauth:2.0:oob
* http://localhost
The first (urn:ietf:wg:oauth:2.0:oob) redirects to a special page on the auth server which displays the code in the browser title and in a textarea. See https://developers.google.com/accounts/images/installedresult.png for an example. This can be used in the case where an installed application is not able to start a "temporary" browser to listen for requests on localhost. Or in the case where you need the user to manually copy/paste the code to the app.
The second allows using localhost with any port. This is the recommended approach as the application can start a "temporary" browser on any free port to listen for a request to retrieve the code.
I'm working on adding these to Keycloak. This is needed at the moment to support Cordova applications, but will also be useful for anyone that wants to do other types of installed applications (for example a CLI).
10 years, 11 months
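The http://localhost option described in the post above, seen from the installed application's side, as an added example that is not part of the original thread or of Keycloak's code. It assumes a Python CLI; `start_listener`, `wait_for_code` and the use of a `state` parameter to tie the callback to this login attempt are choices made for this sketch.

```python
import hmac
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse


class CallbackHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        params = parse_qs(urlparse(self.path).query)
        code = params.get("code", [""])[0]
        state = params.get("state", [""])[0]
        # Accept the code only if the state matches the one this run generated,
        # so another local process or page cannot inject its own code.
        ok = bool(code) and hmac.compare_digest(
            state.encode(), self.server.expected_state.encode())
        if ok:
            self.server.code = code
        self.send_response(200 if ok else 400)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"Login complete.\n" if ok else b"Invalid callback.\n")

    def log_message(self, fmt, *args):
        pass  # default logging would print the request line, including the code


def start_listener():
    """Bind to loopback only, on a free port chosen by the OS (port 0)."""
    server = HTTPServer(("127.0.0.1", 0), CallbackHandler)
    server.expected_state = secrets.token_urlsafe(16)
    server.code = None
    # Assumption: "localhost" resolves to 127.0.0.1 on this machine.
    return server, f"http://localhost:{server.server_port}"


def wait_for_code(server, attempts=3, timeout=60):
    """Serve a few requests at most, then close the port whatever happened."""
    server.timeout = timeout
    try:
        for _ in range(attempts):
            server.handle_request()
            if server.code:
                break
        return server.code
    finally:
        server.server_close()
```

The application sends the returned redirect URI and `server.expected_state` in its authorization request, then calls `wait_for_code(server)` and exchanges the result for tokens.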