11:20 a.m.
Hi,
I am trying to use keycloak as our authentication server in the google cloud
endpoints. But looks the google cloud endpoints required nbf > 0. In the jwt token I
get from keycloak, the nbf is always 0. Is there a way I can configure the nbf value in
the keycloak jwt token? I search the documentation and the internet but did not get any
result.
Thanks in advanced
Xiaoling
4:14 p.m.
Hello Xiaoling,
Internally, Keycloak does track NBF value on the realm, client and user levels, but never
propagates it to the tokens. It can only be seen as the "not-before-policy"
property of the token response. Not sure if it's a bug, I hope Keycloak developers can
tell more about it.
As a workaround, you can either:
- hardcode a non-zero value into the "nbf" claim, using Hardcoded Claim mapper
in your client, or
- compute the value similarly to how it is done in TokenManager [1], using Script Mapper
and setting it via the token.notBefore() method.
[1]
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...
Good luck,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Tue, 2019-01-22 at 17:20 +0000, Xiaoling Chen wrote:
Hi,
I am trying to use keycloak as our authentication server in the google cloud
endpoints. But looks the google cloud endpoints required nbf > 0. In the jwt token I
get from keycloak, the nbf is always 0. Is there a way I can configure the nbf value in
the keycloak jwt token? I search the documentation and the internet but did not get any
result.
Thanks in advanced
Xiaoling
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2179
days inactive
2179
days old
1 comments
2 participants
participants (2)
-
Dmitry Telegin -
Xiaoling Chen