From: "Vinay Anantharaman" <vinayan3(a)gmail.com&gt; To: keycloak-dev(a)lists.jboss.org Sent: Thursday, 13 August, 2015 12:21:01 AM Subject: [keycloak-dev] Implementing database-service example in Python Hi, I'm trying to implement the example database service from Python. The description is here: https://github.com/keycloak/keycloak/tree/master/examples/demo-template Our backend service is contacted directly by clients with an access token from the Keycloak server. We would like to verify access tokens are and then return some data they need. I was looking at the code here: https://github.com/keycloak/keycloak/blob/master/examples/demo-template/d... service/src/main/java/org/keycloak/example/oauth/CustomerService.java In Java this seems quite trivial with the support of Keycloak libraries. In Python I won't have them. What are the APIs on Keycloak I can use to verify an access token? Furthermore, are you aware of any classes like RSATokenVerifier for python? I saw it being used here: https://github.com/keycloak/keycloak/blob/master/testsuite/integration/sr... Thanks, Vinay Anantharaman _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

If you're interested in becoming a contributor Vinay, this would be a very useful extension! BTW, we also have a "lightweight" Java Security HTTP Proxy based on Undertow that you can use to secure python apps. On 8/13/2015 2:00 AM, Stian Thorgersen wrote: > Afraid we don't have any libraries for Python yet. > > Simply verifying the token should be relatively straight forward though. It's a standard JWT token (base64 encoded json) with a JWS signature. You can look at RSATokenVerifier to see what details should be verified (expiration date, issuer, etc..). You also need to verify the signature. There may quite likely be JWT libraries for Python you can use. > > ----- Original Message ----- >> From: "Vinay Anantharaman" <vinayan3(a)gmail.com&gt; >> To: keycloak-dev(a)lists.jboss.org >> Sent: Thursday, 13 August, 2015 12:21:01 AM >> Subject: [keycloak-dev] Implementing database-service example in Python >> >> Hi, >> I'm trying to implement the example database service from Python. The >> description is here: >> >> >> >> https://github.com/keycloak/keycloak/tree/master/examples/demo-template >> >> Our backend service is contacted directly by clients with an access token >> from the Keycloak server. We would like to verify access tokens are and then >> return some data they need. I was looking at the code here: >> >> >> >> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/d... >> service/src/main/java/org/keycloak/example/oauth/CustomerService.java >> >> In Java this seems quite trivial with the support of Keycloak libraries. In >> Python I won't have them. What are the APIs on Keycloak I can use to verify >> an access token? Furthermore, are you aware of any classes like >> RSATokenVerifier for python? I saw it being used here: >> >> >> >> https://github.com/keycloak/keycloak/blob/master/testsuite/integration/sr... >> >> Thanks, >> >> >> Vinay Anantharaman >> >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

----- Original Message ----- > From: "Vinay Anantharaman" <vinayan3(a)gmail.com&gt; > To: "Bill Burke" <bburke(a)redhat.com&gt; > Cc: keycloak-dev(a)lists.jboss.org > Sent: Friday, 14 August, 2015 9:42:39 PM > Subject: Re: [keycloak-dev] Implementing database-service example in Python > > I'll be looking into this and will report back if a library exists for Python > to read JWT tokens. > > I was wondering is there an API on the KeyCloak server for doing JWT token > verification? Or rather should we decode the token and use the REST admin > endpoints if we need to query more information? There is a rest endpoint that can be used to verify a token, but that requires a request to KC. As the token is signed it's better to just check it locally as it reduces the amount of request to Keycloak. > > > Vinay > > On Thu, Aug 13, 2015 at 9:05 AM, Bill Burke < bburke(a)redhat.com > wrote: > > > If you're interested in becoming a contributor Vinay, this would be a > very useful extension! > > BTW, we also have a "lightweight" Java Security HTTP Proxy based on > Undertow that you can use to secure python apps. > > On 8/13/2015 2:00 AM, Stian Thorgersen wrote: > > Afraid we don't have any libraries for Python yet. > > > > Simply verifying the token should be relatively straight forward though. > > It's a standard JWT token (base64 encoded json) with a JWS signature. You > > can look at RSATokenVerifier to see what details should be verified > > (expiration date, issuer, etc..). You also need to verify the signature. > > There may quite likely be JWT libraries for Python you can use. > > > > ----- Original Message ----- > >> From: "Vinay Anantharaman" < vinayan3(a)gmail.com > > >> To: keycloak-dev(a)lists.jboss.org > >> Sent: Thursday, 13 August, 2015 12:21:01 AM > >> Subject: [keycloak-dev] Implementing database-service example in Python > >> > >> Hi, > >> I'm trying to implement the example database service from Python. The > >> description is here: > >> > >> > >> > >> https://github.com/keycloak/keycloak/tree/master/examples/demo-template > >> > >> Our backend service is contacted directly by clients with an access token > >> from the Keycloak server. We would like to verify access tokens are and > >> then > >> return some data they need. I was looking at the code here: > >> > >> > >> > >> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/d... > >> service/src/main/java/org/keycloak/example/oauth/CustomerService.java > >> > >> In Java this seems quite trivial with the support of Keycloak libraries. > >> In > >> Python I won't have them. What are the APIs on Keycloak I can use to > >> verify > >> an access token? Furthermore, are you aware of any classes like > >> RSATokenVerifier for python? I saw it being used here: > >> > >> > >> > >> https://github.com/keycloak/keycloak/blob/master/testsuite/integration/sr... > >> > >> Thanks, > >> > >> > >> Vinay Anantharaman > >> > >> _______________________________________________ > >> keycloak-dev mailing list > >> keycloak-dev(a)lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/keycloak-dev > > _______________________________________________ > > keycloak-dev mailing list > > keycloak-dev(a)lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-dev > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > > > > -- > Vinay Anantharaman > > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev