Re: [keycloak-user] keycloak 1.3.1 OpenID Connect token introspection url

Keycloak has an endpoint to verify token. URL is: /auth/realms/<realm>/protocol/openid-connect/validate It takes a single query_param 'access_token'. If token is valid the response will be the token as json document, otherwise it'll return an error. ----- Original Message ----- > From: "Niels Bertram" <nielsbne(a)gmail.com&gt; > To: keycloak-user(a)lists.jboss.org > Sent: Monday, 29 June, 2015 5:30:51 PM > Subject: [keycloak-user] keycloak 1.3.1 OpenID Connect token introspection url > > Hi there, > > I am trying to configure a server side (RP) client which requires a JWT > introspection URL on the OP. I tried to find such endpoint on the KeyCloak > server without avail neither did I actually find any url of type > "introspect" in the OpenID Connect Specification. > > Does anyone know if/how a OAuth2 client can validate a JWT token via a back > channel with the KeyCloak server? > > The client I am trying to configure is the MITREid client as per > https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki... > > Looking at the code, the client will issue a post to the introspection > endpoint with some form data: > > POST /auth/realms/myrealm/protocol/openid-connect/introspect HTTP/1.1 > Host: localhost:8080 > Cache-Control: no-cache > Content-Type: application/x-www-form-urlencoded > > client_id=myapp&client_secret=mysupersecret&token=eyJhbGciO[trunkated but > valid access token] > > Any pointers are much appreciated. > > Kind Regards, > Niels > > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user