You want to write a PHP adapter? You can either validate the token
yourself, or invoke the Keycloak REST service to validate it for you.
Keycloak tokens are JSON Web Signatures (JWS).
https://tools.ietf.org/html/rfc7515
The content of this signature is a Keycloak extension of JSON Web Token:
http://jwt.io/
We have all the standard fields, with additional ones for role mappings
and group membership depending on how you've configured the client in
the admin console.
As for CORS, this is something your PHP adapter has to handle. You can
configure the Keycloak token to embed what origins are allowed, but the
adapter has to handle setting all the appropriate headers.
BTW, we would definitely welcome a PHP adapter contribution!
On 12/11/2015 3:30 AM, Brian Thai wrote:
Hi All,
I have just started to work with Keycloak 1.7.0 and I have a PHP REST
service that I want to write an adapter for. I have read the docs and
the code but I don't understand how the token is validated from the REST
service.
I understand that with a JS client they would be redirected to Keycloak
to obtain an access token which will be passed to my REST API. At that
point I should validate the token, and I see that Keycloak provides a
REST endpoint for validation:
http://docs.jboss.org/keycloak/docs/1.0-rc-1/rest-api/realms/%7Brealm%7D/...
I get held from CORS because the realm itself does not have
configuration for setting the 'Access-Control-Allow-Origin' header. Can
anyone point me in the right direction?
Thanks,
-Brian
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
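
The "validate the token yourself" route from the reply above, as an added example that is not part of the thread or of Keycloak's code: it verifies the JWS signature and expiry, then sets the CORS header only for an origin embedded in the token. It assumes RS256-signed tokens and an `allowed-origins` claim; the function names, key pair and token are constructed for illustration.

```php
<?php
// Added example, not Keycloak code. Assumes RS256-signed tokens and that the
// allowed origins sit in an "allowed-origins" claim (assumption, not from the thread).
function b64url_decode(string $s) {
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    return base64_decode(strtr($s, '-_', '+/') . $pad, true);
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns the claims array when signature and expiry check out, otherwise null.
function verify_token(string $jws, string $publicKeyPem, int $now): ?array {
    $parts = explode('.', $jws);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    // Pin the algorithm; never let the token header pick it ("none", HS256).
    if (!is_array($header) || ($header['alg'] ?? '') !== 'RS256') return null;
    $sig = b64url_decode($s);
    if ($sig === false) return null;
    if (openssl_verify("$h.$p", $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) return null;
    $claims = json_decode((string) b64url_decode($p), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) return null;
    return $claims['exp'] > $now ? $claims : null;
}

// CORS headers for the request's Origin; empty unless the token lists it exactly.
function cors_headers(array $claims, string $origin): array {
    $allowed = $claims['allowed-origins'] ?? [];
    if (!is_array($allowed) || !in_array($origin, $allowed, true)) return [];
    return ["Access-Control-Allow-Origin: $origin", 'Vary: Origin'];
}

// Constructed demo: a throwaway key pair and token stand in for the realm key
// and a token issued by Keycloak.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$body = json_encode(['exp' => time() + 60, 'allowed-origins' => ['https://app.example.test']]);
$input = b64url_encode('{"alg":"RS256"}') . '.' . b64url_encode($body);
openssl_sign($input, $sig, $key, OPENSSL_ALGO_SHA256);
$token = $input . '.' . b64url_encode($sig);

$claims = verify_token($token, $pub, time());
var_dump(cors_headers($claims, 'https://app.example.test'));   // listed origin
var_dump(cors_headers($claims, 'https://other.example.test')); // unlisted origin
var_dump(verify_token('x' . $token, $pub, time()));            // altered token
```

A real adapter would load the realm's public key from Keycloak rather than generating one, and would also check the issuer and audience claims before trusting the token.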