Are you sure the performance gains are worth less security? What kind of performance are you actually worried about? Network (size of tokens) or CPU (signatures/marshaling/unmarshalling)? If anything, these signatures are only going to get stronger in future releases.

On 5/24/16 5:46 AM, Matuszak, Eduard wrote:

Hello

Motivated by considerations on how to improve the performance of the token generation process I have two questions:

I noticed that Keycloak’s token generation via endpoint “auth/realms/ccp/protocol/openid-connect/token” generates a triple of tokens (access-, refresh- and id-token). Is there any possibility to dispense with the id-token generation?

Is there a possibility to cause Keycloak to generate more “simple” bearer tokens then complex jwt-tokens?

Best regards, Eduard Matuszak
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user