----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 12 March, 2015 3:50:39 PM
Subject: Re: [keycloak-dev] JWK

JWK shouldn't be transmitted with ID Token and/or access token by
default is what I mean. If I remember the specs correctly. Bloats the
tokens and requires more parsing time.

That's how we sign the access token, isn't it? Is there an option to include it in
the token itself?

On 3/12/2015 10:45 AM, Stian Thorgersen wrote:
> It's required by OpenID Connect Discovery and is useful to 3rd party
> libraries, we'll need it to pass OIDC interoperability.
>
> Why should it not be enabled by default? It's just the public realm key in
> a reusable json format.
>
> We should have used JWK in keycloak.json files as well.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Thursday, 12 March, 2015 2:17:10 PM
>> Subject: [keycloak-dev] JWK
>>
>> Not sure why we have JWK support and I hope it is not on by default.
>> JWK is really only useful in the case where the client needs to identify
>> the key needed to use to decrypt or validate an ID token/access token.
>> In our implementation we do not have the ability to have different
>> signers. This knowledge is expected to be provided in configuration.
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
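
Added example, not part of the original thread and not Keycloak code: what "the public realm key in a reusable json format" contains, and how a client uses `kid` to identify the key needed to validate a token. It goes beyond the single-signer case discussed above by publishing two keys; the function names are hypothetical and the moduli are constructed stand-ins, not real RSA keys.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def rsa_public_jwk(n: int, e: int, alg: str = "RS256") -> dict:
    """Public RSA key as a JWK (RFC 7517); kid is the RFC 7638 SHA-256 thumbprint."""
    enc = lambda i: b64url(i.to_bytes((i.bit_length() + 7) // 8, "big"))
    jwk = {"kty": "RSA", "n": enc(n), "e": enc(e)}  # public members only, no "d"
    # Thumbprint input: required members only, sorted, no whitespace.
    canonical = json.dumps(jwk, sort_keys=True, separators=(",", ":"))
    jwk.update(kid=b64url(hashlib.sha256(canonical.encode()).digest()), use="sig", alg=alg)
    return jwk

def select_key(token: str, jwks: dict) -> dict:
    """Pick the one published signing key named by the token header's kid."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    alg, kid = header.get("alg"), header.get("kid")
    if not isinstance(alg, str) or alg.lower() == "none":
        raise ValueError("unsigned or malformed token header")
    matches = [k for k in jwks.get("keys", [])
               if k.get("kid") == kid and k.get("use", "sig") == "sig"]
    if kid is None or len(matches) != 1:
        raise KeyError(f"no unique published key for kid {kid!r}")
    if matches[0].get("alg", alg) != alg:
        raise ValueError("header alg does not match the published key")
    return matches[0]  # signature verification with this key would follow

def constructed_token(kid: str, alg: str = "RS256") -> str:
    """Constructed token: real header, dummy payload and signature."""
    header = json.dumps({"alg": alg, "kid": kid}).encode()
    return b64url(header) + ".e30.c2ln"

# Constructed stand-in moduli (hash output, not real RSA keys), for illustration only.
def _fake_modulus(label: bytes) -> int:
    return int.from_bytes(hashlib.sha256(label).digest() * 8, "big") | 1

OLD_KEY = rsa_public_jwk(_fake_modulus(b"realm-key-2014"), 65537)
NEW_KEY = rsa_public_jwk(_fake_modulus(b"realm-key-2015"), 65537)
JWKS = {"keys": [OLD_KEY, NEW_KEY]}

if __name__ == "__main__":
    print(json.dumps(JWKS, indent=2))
    print(select_key(constructed_token(NEW_KEY["kid"]), JWKS)["kid"])
```

The token itself carries only the short `kid`; the key material stays in the published set, so token size does not grow with the key.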