Looks pretty cool.
I was wondering if we should verify the token in keycloak.js, not sure if it's
necessary, but if someone could pass an invalid token to keycloak.js somehow they could
potentially fool it into using it.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Monday, February 9, 2015 11:51:04 PM
Subject: [keycloak-dev] Keycloak.js is inefficient and can be improved
I had a good discussion on the OAuth list about JavaScript and implicit flow
vs. auth-code flow. It was pointed out that auth-code flow has some
extra hops that can be avoided if you implement "response_mode=fragment".
See this:
https://issues.jboss.org/browse/KEYCLOAK-1033
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com