Thanks Pedro,

However, I think our use cases are not exactly the same. It appears your
component is set to allow authentication of users, where mine is bearer only.
The only other differences I can see between our projects are that I am
running Gradle with Keycloak 3.2.0 and that I have also added
compile('org.keycloak:keycloak-authz-client:3.2.0.CR1')

Lucian, I don't have a project which I can share at the moment as other
code is included; if you would still like to see something I can make a
shareable version.

Thanks
On Tue, Aug 8, 2017 at 8:57 PM, Pedro Igor Silva <psilva(a)redhat.com> wrote:
Hey Lucian, we have this
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-springboot.
On Tue, Aug 8, 2017 at 1:17 PM, Lucian Ochian <okianl(a)yahoo.com> wrote:
> Simon,
> Do you have a demo app with that? I am just curious to see a Spring (Boot)
> app with authorizations... I remember that I tried something with
> authorizations, and the authorization context was null (I know there are
> some Jira issues about it), but I still could not get it to work in 2.5.5
> AuthorizationContext authzContext =
> keycloakSecurityContext.getAuthorizationContext();
> Thanks, Lucian
>
> On Tuesday, August 8, 2017, 10:25:35 AM CDT, Simon Payne <
> simonpayne58(a)gmail.com> wrote:
>
> yes correct.
>
> there is a definite change in behavior with the addition of the
> keycloak.policy-enforcer-config.online-introspection=true flag, as without
> this single line in my property file it works correctly as a bearer only
> resource server. Addition of this line results in the incorrect call to
> token exchange endpoint.
>
> thanks
>
>
> On Tue, Aug 8, 2017 at 3:28 PM, Bill Burke <bburke(a)redhat.com> wrote:
>
> > Doesn't look like the switch is hooked up to anything. As it is, it
> > looks like this switch was added for RPT validation, not access token
> > validation, and not ever implemented. You just want the adapter to
> > validate the access token with the auth server for bearer token
> > requests, right?
> >
> >
> > On 8/8/17 9:29 AM, Bill Burke wrote:
> > > I'm looking at the code on server and I don't see that it requires any
> > > special switch to use it. The endpoint is:
> > >
> > > @Post
> > >
> > > /auth/realms/{realm}/protocol/openid-connect/token/introspect
> > >
> > > Takes form params.
> > >
> > > token
> > >
> > > token_type_hint (optional and defaults to "access_token")
> > >
> > >
> > >
> > >
> > >
> > > On 8/8/17 4:31 AM, Simon Payne wrote:
> > >> after some debugging I figured that
> > >> keycloak.policy-enforcer-config.online-introspection=true switched on this
> > >> functionality, however it appears to error on a 400 after making a call to
> > >> the /auth/realms/master/protocol/openid-connect/token endpoint.
> > >>
> > >> I'm assuming this is a bug?
> > >>
> > >> Thanks
> > >>
> > >>
> > >>
> > >> On Mon, Aug 7, 2017 at 3:10 PM, Simon Payne <simonpayne58(a)gmail.com> wrote:
> > >>
> > >>> Hi All,
> > >>>
> > >>> I'm evaluating Keycloak and I'm currently looking at token introspection.
> > >>>
> > >>> I've managed to achieve this manually, i.e. by sending a POST via Postman,
> > >>> but I'm unable to figure out whether this can be achieved via the Keycloak
> > >>> adapters, specifically Spring Boot.
> > >>>
> > >>> any help in this area would be appreciated.
> > >>>
> > >>> thanks
> > >>>
> > >>> Simon.
> > >>>
> > >> _______________________________________________
> > >> keycloak-user mailing list
> > >> keycloak-user(a)lists.jboss.org
> > >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
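Added example, not part of the thread and not Keycloak adapter code: a bearer-only resource server calling the introspection endpoint Bill Burke describes (form params `token` and `token_type_hint`) and failing closed on the reply. The host, client id and secret are constructed placeholders; HTTP Basic client authentication and the `active`/`exp` response fields (RFC 7662) are assumptions of this sketch.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

def build_introspection_request(base_url, realm, client_id, client_secret,
                                token, hint="access_token"):
    """POST to the endpoint quoted in the thread with the two form params.
    HTTP Basic client authentication is an assumption of this example."""
    url = (f"{base_url}/auth/realms/{urllib.parse.quote(realm, safe='')}"
           "/protocol/openid-connect/token/introspect")
    form = urllib.parse.urlencode({"token": token, "token_type_hint": hint})
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(url, data=form.encode(), method="POST")
    req.add_header("Authorization", "Basic " + basic)
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req

def token_is_active(body, now=None):
    """Fail closed: accept only a JSON object whose `active` is literally
    true and whose `exp`, when present, is still in the future."""
    try:
        claims = json.loads(body)
    except (ValueError, TypeError):
        return False
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False
    exp = claims.get("exp")
    if exp is not None:
        current = time.time() if now is None else now
        if not isinstance(exp, (int, float)) or exp <= current:
            return False
    return True

def introspect(req, timeout=5):
    """Send the request; a transport or HTTP error rejects the token."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return token_is_active(resp.read())
    except OSError:  # URLError and HTTPError are subclasses of OSError
        return False

if __name__ == "__main__":
    # Constructed values, for illustration only.
    r = build_introspection_request("https://sso.example.test", "master",
                                    "resource-server", "s3cret", "abc.def.ghi")
    print(r.get_method(), r.full_url)
    print(token_is_active('{"active": true, "exp": 2000}', now=1000))
```
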