Re: [keycloak-dev] make sending a request object mandatory for certain clients

On 08/03/18 15:25, Marek Posolda wrote: > Hi, > > sorry to not respond earlier. Your usecase makes sense to me and the code > you did as well. One minor thing, which is missing, is admin console > update. I think you need to add new switch to the client details page. > Please add it to same section like "Advanced config" where are other things > like request object signature algorithm etc. > Forgot to mention, that it will be nice if you send PR once you do it :) Thanks, Marek > Thanks, > Marek > > On 06/03/18 20:13, Aron Bustya wrote: > >> Hello! >> >> Can I get some reaction to this? (The community guidelines say I need to >> ask around before sending pull requests.) >> >> Regards, >> Áron Bustya >> >> On 2 December 2017 at 04:44, Aron Bustya <aron.bustya.js(a)gmail.com&gt; >> wrote: >> >> Hi! >>> >>> I have a use case where the server must accept authorization requests >>> only >>> when they contain a signed request object (should be configurable per >>> client). >>> >>> I have found a way to make the signing of the request object mandatory >>> by >>> specifying a 'request.object.signature.alg' attribute on the client, but >>> this only applies if a request object exists in the first place. >>> >>> I would like to propose a pull request: It defines a new client >>> attribute >>> 'request.object.required'. If this is set to 'true', the client must >>> send a >>> request object when initiating an authorization request. >>> >>> Current code can be checked here: https://github.com/abustya/ >>> keycloak/commit/476912906a3ad0d290220a1f54abee073dba687a >>> >>> What do you think? >>> >>> Regards, >>> Áron Bustya >>> >>> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> > > >