On 5.8.2015 15:04, Juraci Paixão Kröhling wrote:
On 08/05/2015 01:52 PM, Marek Posolda wrote:
> > Doing at the beginning of the connection might be easy. We may just need
> > to add support to adapters for authentication via bearer token sent in
> > URL query parameter or in the POST body. There are also specs for it
> >
> > http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html#query-param
>
> The main problem with this is that a token might be valid at the time
> the connection is made, but might not be valid after some time, while
> the socket is still open. So, a socket that was opened with a
> session that just expired would still be open.
>
> Perhaps undertow provides something that would allow the adapter to
> close sockets whose tokens are not valid anymore? No idea, may require
> further investigation.

It would be cool if we had something like our iframe in keycloak.js to
easily detect logout and close the socket based on it. Maybe it's
possible for the server to poll the client socket and ask for an updated
token from the client periodically. I am not sure about the possible and
best option TBH (I don't have deep websocket knowledge).

Marek

> - Juca.