On 25.3.2015 14:57, Stian Thorgersen wrote:
Had a quick look at it and seems Facebook and GitHub return access
token response as form-url-encoded (access_token=<...>&foo=bar).
Another thing I spotted was that I'm pretty sure we're not validating the SSL
connection when sending requests to the IdPs. We should drop the SimpleHttp util I created
and use something better (Apache or RestEasy) and make sure it's possible to set up a
truststore. SimpleHttp was only created as we initially wanted the social lib to be a
reusable lightweight lib, but now it's only for KC so there's no point in it and
it's pretty crap for many reasons!
SimpleHttp uses the common Java HttpsURLConnection, which by default
validates HTTPS certificates against the common JVM truststore (typically
cacerts somewhere in the Java installation directory), as far as I know.
See
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/HttpsURLConnection...
and
http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSER...
Vl.
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Wednesday, 25 March, 2015 2:52:07 PM
> Subject: [keycloak-dev] social/broker errors
>
> I'll look into all the social/broker errors and test out on all social
> providers (again) after I finish up some logout work.
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Vlastimil Elias
Principal Software Engineer
jboss.org Development Team
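
Added example, not part of the original message and not Keycloak's code: one way to make `HttpsURLConnection`, which the reply above says SimpleHttp is built on, validate an IdP's certificate against a dedicated truststore instead of the JVM default `cacerts`. The class name, method names and command-line arguments are assumptions for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Illustrative class: names and arguments are assumptions, not Keycloak code.
public class TruststoreHttpsExample {

    // Build an SSLContext that trusts only the CAs in the given truststore file.
    static SSLContext contextFor(String truststorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(truststorePath))) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key material and the default SecureRandom; only trust is customised.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Open a connection whose server chain is validated against that truststore.
    // No HostnameVerifier is installed, so the default hostname check stays in force.
    static HttpsURLConnection open(URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // args: <truststore path> <truststore password> <https URL>, supplied by the caller
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        HttpsURLConnection conn = open(new URL(args[2]), ctx);
        try {
            // An SSLHandshakeException here means the chain did not lead to a trusted CA.
            System.out.println("HTTP " + conn.getResponseCode());
        } finally {
            conn.disconnect();
        }
    }
}
```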