On Thu, Dec 17, 2015 at 11:51 AM, Stian Thorgersen <sthorger@redhat.com> wrote:

On 11 December 2015 at 15:28, Bill Burke <bburke@redhat.com> wrote:
You want to write a PHP adapter? You can either validate the token
yourself, or invoke the Keycloak REst service to validate it for you.

Keycloak tokens are Json Web Signatures (JWS).

https://tools.ietf.org/html/rfc7515

The content of this signature is a Keycloak extension of Json Web Token:

http://jwt.io/

We have all the standard fields, with additional ones for role mappings
and group membership depending on how you've configured the client in
the admin console.

As for CORS this is something your PHP adapter has to handle. You can
configure the Keycloak token to embed what origins are allowed, but the
adapter has to handle setting all the appropriate headers.

BTW, we would definitely welcome a PHP adapter contribution!

+1000 Anyone interested in contributing this, ping us and we will help as much as we can :)

Here is something I contributed to PHP League's OAuth 2.0 Client while doing a PoC for a customer:

https://github.com/stevenmaguire/oauth2-keycloak

I don't really work with PHP so I didn't have a chance to take it any further.

Don't know if it's of any use, but please feel free to use it if it is.

Best regards,

Thoams