Re: [keycloak-dev] ID Token claims in Access Token and Refresh Token
----- Original Message -----
From: "Pedro Igor Silva" <psilva(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
Sent: Wednesday, 3 December, 2014 12:28:11 PM
Subject: Re: [keycloak-dev] ID Token claims in Access Token and Refresh Token
I notice that too when trying to broker a KeyCloak server from another one.
Also, I think KC is missing OpenID Connect Discovery [1].
[1] http://openid.net/specs/openid-connect-discovery-1_0.html
Yep, we've only implemented the core spec and parts of the session spec.
----- Original Message -----
From: "Stian Thorgersen" <stian(a)redhat.com>
To: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
Sent: Wednesday, December 3, 2014 5:55:24 AM
Subject: [keycloak-dev] ID Token claims in Access Token and Refresh Token
As AccessToken and RefreshToken extends IDToken they contain the ID Token
claims. If I've read the spec correctly those claims should only be in the
ID Token. There should also be a separate UserInfo endpoint which we're
missing.
Is there a reason why AccessToken extends IDToken, or can we remove that?
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev