On 27/08/13 02:20 PM, Bill Burke wrote:
Well, you need to remember that OAuth 2 is a framework and not a
complete protocol. The actual authentication part with the auth server
is the most "flexible" part of the API. I'd like to follow it as
closely as possible though.
Yep, agreed. OAuth does not provide a complete protocol and leaves a lot
of stuff to the implementors to decide. It also makes a lot of stuff
optional and allows for custom extensions. It does however clearly
defined some areas and provides a defined protocol for them.
Unfortunately we are not exactly in line with the specification in all
areas and would need to make some changes to become compliant.
I am assuming that trying to 'follow it as closely as possible' means we
do want to be compliant and that issues should be filled where it does
not follow the defined sections?
On 8/23/2013 4:39 PM, Matt Wringe wrote:
> Could someone please clarify if one of the goals of keycloak is to
> provide an oauth 2.0 compliant authorization server?
>
> I am trying to figure out if I should be filing bugs and submitting
> patches, or if keycloak is only meant to have a oauth like semblance.
>
> Thanks,
>
> Matt Wringe
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>