Its possible and easy if you don't allow hot deployment. Just add
the provider to the list of classes or objects that define the root of
the JAX-RS tree.
IMO, though I don't see the value. We'll only want extensions under
/realms/{realm} and under the admin REST API (for token validation).
There's a lot of initialization and work that's done by each layer of
the url scheme. Especially for admin endpoints.
On Thu, Apr 5, 2018 at 9:58 AM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
Is there a way we could let it register on any path with RestEasy?
On 5 April 2018 at 15:56, Bill Burke <bburke(a)redhat.com> wrote:
>
> I'll just switch to using that probably.
>
> On Thu, Apr 5, 2018 at 9:48 AM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
> > We already have a realm resource provider which adds directly under
> > realm
> > (/auth/realms/<realm name>/<resource provider id>). See
> >
> >
https://github.com/stianst/keycloak-experimental/blob/master/token-valida....
> >
> > The URL for this thing is: /auth/realms/master/token-validator
> >
> > Perhaps we could extend the realm resource provider to allow not just
> > adding
> > directly under realms, but under any arbitrary path? Not sure if
> > RestEasy
> > allows that though.
> >
> > On 5 April 2018 at 15:41, Bill Burke <bburke(a)redhat.com> wrote:
> >>
> >> +1
> >>
> >> Question, how are you adding this endpoint? Under ../protocol/oidc?
> >>
> >> The kubernetes integration needs a similar validation endpoint that
> >> outputs a document that kubernetes consumes. What I did is create an
> >> entirely new protocol. Maybe a protocol extension endpoint would be
> >> better?
> >>
> >> Object createExtensionEndpoint(String providerId)
> >>
> >> The returned Object would be a JAX-RS sub resource.
> >>
> >> Then the base endpoint would be
> >> .../protocol/oidc/extensions/{provider-id}
> >>
> >>
> >>
> >> On Thu, Apr 5, 2018 at 8:04 AM, Stian Thorgersen
<sthorger(a)redhat.com>
> >> wrote:
> >> > I added an example token validator endpoint that I needed for some
> >> > demonstration purposes. Question would this be useful to add directly
> >> > to
> >> > Keycloak?
> >> >
> >> > It provides a simple form where you can paste in the base64 token. It
> >> > will
> >> > then output the header, claims and whether or not the token is valid.
> >> > It
> >> > uses realm keys to verify the signature so you don't have to paste
> >> > that
> >> > in
> >> > manually (like you do on jwt.io).
> >> >
> >> > For those to lazy to try it out I've attached a screenshot.
> >> >
> >> > _______________________________________________
> >> > keycloak-dev mailing list
> >> > keycloak-dev(a)lists.jboss.org
> >> >
https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
> >>
> >>
> >> --
> >> Bill Burke
> >> Red Hat
> >
> >
>
>
>
> --
> Bill Burke
> Red Hat