Are you sure the performance gains are worth less security?  What kind of performance are you actually worried about?  Network (size of tokens) or CPU (signatures/marshaling/unmarshalling)?  If anything, these signatures are only going to get stronger in future releases.

On 5/24/16 5:46 AM, Matuszak, Eduard wrote:
Motivated by considerations on how to improve the performance of the token generation process I have two questions:
  • I noticed that Keycloak’s token generation via endpoint “auth/realms/ccp/protocol/openid-connect/token” generates a triple of tokens (access-, refresh- and id-token). Is there any possibility to dispense with the id-token generation?
  • Is there a possibility to cause Keycloak to generate more “simple” bearer tokens then complex jwt-tokens?
Best regards, Eduard Matuszak

keycloak-user mailing list