Our tokens are JsonWebSignatures. If the other applications have the
public key of the realm, they can verify those signatures. Keycloak
also has a remote validation URL which you can send a token to.
/auth/realms/{realm}/protocol/openid-connect/validate?access_token={token}
On 4/12/2015 6:58 AM, Raghu Prabhala wrote:
We have a use case similar to the one listed in the below url -
basically once a user is authenticated, a client application after
receiving the tokens from the Provider, shares the tokens with a few
other applications that are in a group. The other client applications
should be able to verify the tokens without requiring any more user
interaction. In the OIDC world, unfortunately, the aud parameter has the
clientid of the first app only and it will fail validation by the other
apps. So, is there any way this can be handled in KC?
https://developers.google.com/identity/protocols/CrossClientAuth
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
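
Local verification with the realm public key, as described in the reply above, shown as an added example that is not part of the original thread or Keycloak's own code. The key is a constructed toy RSA key built from two publicly known primes so the block runs offline, all function names are hypothetical, and the `trusted_audiences` allow-list is an assumption about how the other applications in the group could accept a token whose aud names the first app.

```python
import base64, hashlib, json, time

# Constructed demo key from two publicly known primes: NOT secure, offline demo only.
P, Q, E = 2**255 - 19, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, used only to build sample tokens
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), k bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_sample(claims):
    """Build a constructed RS256 token so verify() has input to work on."""
    k = (N.bit_length() + 7) // 8
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa(f"{head}.{body}".encode(), k), "big"), D, N)
    return f"{head}.{body}.{b64u(sig.to_bytes(k, 'big'))}"

def verify(token, n, e, trusted_audiences, now=None):
    """Return the claims if signature, expiry and audience all check out, else None."""
    k = (n.bit_length() + 7) // 8
    try:
        head, body, sig = token.split(".")
        if json.loads(b64u_dec(head)).get("alg") != "RS256":  # pin the algorithm
            return None
        raw = b64u_dec(sig)
        s = int.from_bytes(raw, "big")
        expected = emsa(f"{head}.{body}".encode(), k)
        if len(raw) != k or s >= n or pow(s, e, n).to_bytes(k, "big") != expected:
            return None
        claims = json.loads(b64u_dec(body))
        if claims["exp"] <= (time.time() if now is None else now):
            return None
        aud = claims.get("aud")
        auds = set(aud if isinstance(aud, list) else [aud])
    except (ValueError, TypeError, KeyError, AttributeError):
        return None
    return claims if auds & set(trusted_audiences) else None
```

A deployment would load the realm's real public key and use a maintained JOSE library; the hand-written RSA check here only makes each verification step visible.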