Hi,
sorry to not respond earlier. Your usecase makes sense to me and the
code you did as well. One minor thing, which is missing, is admin
console update. I think you need to add new switch to the client details
page. Please add it to same section like "Advanced config" where are
other things like request object signature algorithm etc.
Thanks,
Marek
On 06/03/18 20:13, Aron Bustya wrote:
Hello!
Can I get some reaction to this? (The community guidelines say I need to
ask around before sending pull requests.)
Regards,
Áron Bustya
On 2 December 2017 at 04:44, Aron Bustya <aron.bustya.js(a)gmail.com> wrote:
> Hi!
>
> I have a use case where the server must accept authorization requests only
> when they contain a signed request object (should be configurable per
> client).
>
> I have found a way to make the signing of the request object mandatory by
> specifying a 'request.object.signature.alg' attribute on the client, but
> this only applies if a request object exists in the first place.
>
> I would like to propose a pull request: It defines a new client attribute
> 'request.object.required'. If this is set to 'true', the client must
send a
> request object when initiating an authorization request.
>
> Current code can be checked here:
https://github.com/abustya/
> keycloak/commit/476912906a3ad0d290220a1f54abee073dba687a
>
> What do you think?
>
> Regards,
> Áron Bustya
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev