OAuth2 JWT Secured Authorization Request (JAR) - keycloak-dev - Jboss List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

OAuth2 JWT Secured Authorization Request (JAR)

Build keycloak

acr and acr_values

Pedro Igor Silva

Thursday, 16 February 2017 Thu, 16 Feb '17

9:07 a.m.

Really interesting spec to improve security to authorization requests [1] sent to a AS. Any similarity with SAML is just coincidence :) [1] https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq Regards. Pedro Igor

Reply

Show replies by date

Bill Burke

Thursday, 16 February Thu, 16 Feb

9:18 a.m.

I'm sure they'll create a POST binding next because the URLs will be too big. On 2/16/17 10:07 AM, Pedro Igor Silva wrote:

Really interesting spec to improve security to authorization requests [1] sent to a AS. Any similarity with SAML is just coincidence :) [1] https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq Regards. Pedro Igor _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Reply

Pedro Igor Silva

11:32 a.m.

There is a spec for this already .... An OIDC one https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html. On Thu, Feb 16, 2017 at 1:18 PM, Bill Burke <bburke(a)redhat.com> wrote:

I'm sure they'll create a POST binding next because the URLs will be too big. On 2/16/17 10:07 AM, Pedro Igor Silva wrote: > Really interesting spec to improve security to authorization requests [1] > sent to a AS. > > Any similarity with SAML is just coincidence :) > > [1] https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq > > Regards. > Pedro Igor > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Reply

Marek Posolda

Friday, 17 February Fri, 17 Feb

3:14 p.m.

On 16/02/17 18:32, Pedro Igor Silva wrote:

There is a spec for this already .... An OIDC one https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html.

And we already support that one on keycloak server side (no support in adapters ATM). Marek

On Thu, Feb 16, 2017 at 1:18 PM, Bill Burke <bburke(a)redhat.com> wrote: > I'm sure they'll create a POST binding next because the URLs will be too > big. > > > On 2/16/17 10:07 AM, Pedro Igor Silva wrote: >> Really interesting spec to improve security to authorization requests [1] >> sent to a AS. >> >> Any similarity with SAML is just coincidence :) >> >> [1] https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq >> >> Regards. >> Pedro Igor >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Reply

2869

days inactive

2870

days old

keycloak-dev@lists.jboss.org

Manage subscription

3 comments

3 participants

tags (0)

participants (3)

Bill Burke
Marek Posolda
Pedro Igor Silva