I'm wondering now ... I think Marek did some kind of "Evaluator" for
showing how scopes look in a token. In Authorization Services we have
the "Policy Evaluation Tool" which shows what an access token looks like
(including claims added by mappers, etc). Why not have something in the admin
console itself from where admins can "evaluate" what an access/id token
looks like after selecting a user/service account?
On Thu, Apr 5, 2018 at 1:31 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
One important thing I can think of is if we add support for JWEs we need
to make sure this thing doesn't return token details.
On Thu, 5 Apr 2018, 17:09 Pedro Igor Silva, <psilva(a)redhat.com> wrote:
> Nope :)
>
> On Thu, Apr 5, 2018 at 12:03 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> I can see it being helpful in production for debugging purposes. It may
>> also be helpful for application developers that are trying to figure out
>> what's going on in their apps.
>>
>> Do you have any actual concerns about it being exposed rather than just
>> because it's more stuff to expose ;)
>>
>> On 5 April 2018 at 16:58, Pedro Igor Silva <psilva(a)redhat.com> wrote:
>>
>>> To avoid additional endpoints that are not really part of the core
>>> functionality. For demo and testing this is very helpful but in production
>>> you don't want the server serving such requests and consuming resources.
>>>
>>> Treating it as a "feature" seems more reasonable to me instead of always
>>> having it available.
>>>
>>> On Thu, Apr 5, 2018 at 11:47 AM, Stian Thorgersen <sthorger(a)redhat.com>
>>> wrote:
>>>
>>>> Just to add - we can easily make it a feature that can be
>>>> enabled/disabled through the profile stuff, but was just curious as to why
>>>> you thought it would be needed to disable it.
>>>>
>>>> On 5 April 2018 at 16:45, Stian Thorgersen <sthorger(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Why?
>>>>>
>>>>> On 5 April 2018 at 16:23, Pedro Igor Silva <psilva(a)redhat.com> wrote:
>>>>>
>>>>>> Although very helpful, people may want to disable this when in
>>>>>> production.
>>>>>>
>>>>>> On Thu, Apr 5, 2018 at 9:04 AM, Stian Thorgersen <
>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>
>>>>>>> I added an example token validator endpoint that I needed for some
>>>>>>> demonstration purposes. Question: would this be useful to add
>>>>>>> directly to Keycloak?
>>>>>>>
>>>>>>> It provides a simple form where you can paste in the base64 token.
>>>>>>> It will then output the header, claims and whether or not the token
>>>>>>> is valid. It uses realm keys to verify the signature so you don't
>>>>>>> have to paste that in manually (like you do on jwt.io).
>>>>>>>
>>>>>>> For those too lazy to try it out I've attached a screenshot.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-dev mailing list
>>>>>>> keycloak-dev(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
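
The validator described in the thread (decode the pasted token, show header and claims, verify the signature with the realm's key), together with the JWE caveat raised in the reply, sketched as an added example that is not part of the thread or of Keycloak's code. It assumes an HS256 token and a constructed HMAC key standing in for a realm key; `inspect_token` and `make_sample_token` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(part: str) -> bytes:
    # JWTs drop base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_token(token: str, realm_key: bytes) -> dict:
    """Return header, claims and signature validity for a pasted compact token."""
    parts = token.strip().split(".")
    if len(parts) == 5:
        # JWE compact serialization has five segments. Per the thread's caveat,
        # report only the type and return no token details.
        return {"type": "JWE", "header": None, "claims": None, "valid": None}
    if len(parts) != 3:
        raise ValueError("not a compact JWS or JWE")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    valid = False
    # Only the expected algorithm is accepted; "none" or anything else is invalid.
    if header.get("alg") == "HS256":
        signing_input = f"{parts[0]}.{parts[1]}".encode()
        expected = hmac.new(realm_key, signing_input, hashlib.sha256).digest()
        try:
            valid = hmac.compare_digest(expected, b64url_decode(parts[2]))
        except ValueError:
            valid = False  # signature segment is not valid base64url
    return {"type": "JWS", "header": header, "claims": claims, "valid": valid}

def make_sample_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token so the example runs offline."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # assumption: stands in for a realm key
    token = make_sample_token({"sub": "alice", "scope": "openid profile"}, KEY)
    print(inspect_token(token, KEY))
    print(inspect_token("a.b.c.d.e", KEY))
```

Claims are still shown for a JWS whose signature fails, so the `valid` flag has to be displayed next to them rather than implied.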