I tested with libraries based on Apache Oltu, and I also noticed that the realm name is being sent in the ID token under "iss". "aud" is null when I included multiple redirect URIs, which is breaking the validation (as per the OpenID spec). "azp" is not being sent (it is optional unless more than 1 client is registered) - expect that to be sent once I register two clients.

Used /account for the userinfo endpoint; that didn't work. Will provide more feedback as I continue to test.

FYI - my libraries were tested completely against a server implementation based on MITRE's OpenID Connect and they are good.

On Oct 20, 2014, at 2:24 PM, Iván Perdomo <ivan(a)akvo.org> wrote:

On Mon, 20 Oct 2014 13:57:44 -0400 Bill Burke <bburke(a)redhat.com> wrote:
> I thought the issuer was the realm. I guess it's not... Also looks
> like we'll need to have one URL to process all realm OIDC requests as
> the ISS is validated.
>
> Does this library offer any encryption/signature options for the ID
> Token?
The library validating the token is Google's OAuth Client Library
[1][2], the piece of code calling that library [3]

[1] https://code.google.com/p/google-oauth-java-client/
[2] http://javadoc.google-oauth-java-client.googlecode.com/hg/1.19.0/com/goog...
[3] https://github.com/iperdomo/android-openid-connect-sample/blob/master/app...
--
Iván
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
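
The "iss", "aud" and "azp" checks discussed in this thread, as an added example that is not code from the thread's participants or from any of the libraries they mention. It follows the ID Token validation rules in OpenID Connect Core section 3.1.3.7 and skips signature verification; the issuer URL, client id, function names and sample tokens are constructed assumptions.

```python
import base64, json, time

def decode_payload(id_token):
    """Return the claims of a compact JWT WITHOUT verifying its signature."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_id_token_claims(claims, issuer, client_id, now=None):
    """Return a list of problems; an empty list means the claims pass."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:               # exact match, a bare realm name fails
        problems.append("iss mismatch")
    aud = claims.get("aud")                       # may be a string or an array
    audiences = [aud] if isinstance(aud, str) else (aud if isinstance(aud, list) else [])
    if client_id not in audiences:                # also catches "aud": null
        problems.append("aud missing client_id")
    azp = claims.get("azp")
    if len(audiences) > 1 and azp is None:
        problems.append("azp required for multiple audiences")
    if azp is not None and azp != client_id:
        problems.append("azp is not this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        problems.append("expired or missing exp")
    return problems

def make_token(claims):
    """Build a sample token with a dummy signature (constructed test data only)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "RS256"})}.{enc(claims)}.c2ln'

# Constructed sample values, not taken from the thread.
ISSUER = "https://sso.example.test/auth/realms/demo"
CLIENT = "android-app"
NOW = 1413830000

# Shape reported in the thread: realm name as "iss", null "aud", no "azp".
REALM_AS_ISS = make_token({"iss": "demo", "aud": None, "exp": NOW + 300})
WELL_FORMED = make_token({"iss": ISSUER, "aud": [CLIENT, "other-client"],
                          "azp": CLIENT, "exp": NOW + 300})

if __name__ == "__main__":
    for name, tok in (("realm-as-iss", REALM_AS_ISS), ("well-formed", WELL_FORMED)):
        print(name, check_id_token_claims(decode_payload(tok), ISSUER, CLIENT, NOW))
```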