On 3/12/2015 10:56 AM, Stian Thorgersen wrote:
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: keycloak-dev(a)lists.jboss.org
> Sent: Thursday, 12 March, 2015 3:50:39 PM
> Subject: Re: [keycloak-dev] JWK
>
> JWK shouldn't be transmitted with ID Token and/or access token by
> default is what I mean. If I remember the specs correctly. Bloats the
> tokens and requires more parsing time.
That's how we sign the access token isn't it? Is there an option to include it in
the token itself?
You don't need to store JWK information in the JWS header of the access
token because the adapter only works with one realm and one public realm
key. We're not doing certificate chains either.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com