Re: [keycloak-dev] ID Token claims in Access Token and Refresh Token

I notice that too when trying to broker a KeyCloak server from another one. Also, I think KC is missing OpenID Connect Discovery [1]. [1] http://openid.net/specs/openid-connect-discovery-1_0.html ----- Original Message ----- From: "Stian Thorgersen" <stian(a)redhat.com&gt; To: "keycloak dev" <keycloak-dev(a)lists.jboss.org&gt; Sent: Wednesday, December 3, 2014 5:55:24 AM Subject: [keycloak-dev] ID Token claims in Access Token and Refresh Token As AccessToken and RefreshToken extends IDToken they contain the ID Token claims. If I've read the spec correctly those claims should only be in the ID Token. There should also be a separate UserInfo endpoint which we're missing. Is there a reason why AccessToken extends IDToken, or can we remove that? _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev