Keycloak has an endpoint to verify a token. The URL is:
/auth/realms/<realm>/protocol/openid-connect/validate
It takes a single query_param 'access_token'. If the token is valid the response will
be the token as a JSON document, otherwise it'll return an error.
----- Original Message -----
From: "Niels Bertram" <nielsbne(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Sent: Monday, 29 June, 2015 5:30:51 PM
Subject: [keycloak-user] keycloak 1.3.1 OpenID Connect token introspection url

Hi there,
I am trying to configure a server side (RP) client which requires a JWT
introspection URL on the OP. I tried to find such an endpoint on the KeyCloak
server to no avail, nor did I actually find any URL of type
"introspect" in the OpenID Connect Specification.
Does anyone know if/how an OAuth2 client can validate a JWT token via a back
channel with the KeyCloak server?
The client I am trying to configure is the MITREid client as per
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki...
Looking at the code, the client will issue a post to the introspection
endpoint with some form data:
POST /auth/realms/myrealm/protocol/openid-connect/introspect HTTP/1.1
Host: localhost:8080
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded

client_id=myapp&client_secret=mysupersecret&token=eyJhbGciO[truncated but valid access token]
Any pointers are much appreciated.
Kind Regards,
Niels
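
A back-channel check against the validate endpoint described in the reply, as an added example that is not part of the thread and is not Keycloak or MITREid code. Only the path and the `access_token` parameter come from the reply; the GET method, the `validate_token` helper, the stub server, the token values and the shape of the error body are assumptions constructed for illustration.

```python
import json
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Path as given in the reply; GET as the HTTP method is an assumption.
VALIDATE_PATH = "/auth/realms/{realm}/protocol/openid-connect/validate"
# Back-channel call goes direct, ignoring proxy environment variables.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def validate_token(base_url, realm, access_token, timeout=5):
    """Return the token document (dict) if accepted, else None; connection errors raise."""
    path = VALIDATE_PATH.format(realm=urllib.parse.quote(realm, safe=""))
    query = urllib.parse.urlencode({"access_token": access_token})
    try:
        with _OPENER.open(f"{base_url.rstrip('/')}{path}?{query}", timeout=timeout) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except (urllib.error.HTTPError, ValueError):
        return None  # error status, or a body that is not JSON
    if not isinstance(body, dict) or "error" in body:
        return None  # assumption: an error may also arrive as JSON with an "error" member
    return body

class StubKeycloak(BaseHTTPRequestHandler):
    """Constructed stand-in for the server so the example runs offline."""
    def do_GET(self):
        url = urllib.parse.urlparse(self.path)
        token = urllib.parse.parse_qs(url.query).get("access_token", [""])[0]
        ok = url.path == VALIDATE_PATH.format(realm="myrealm") and token == "good-token"
        doc = {"sub": "user-1", "exp": 1435600000} if ok else {"error": "invalid_token"}
        data = json.dumps(doc).encode()
        self.send_response(200 if ok else 400)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubKeycloak)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return validate_token(base, "myrealm", "good-token"), validate_token(base, "myrealm", "bad-token")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Because the token travels in the query string, it can be recorded in access logs along the request path, so the call belongs on a TLS-protected back channel.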