On 08/05/2015 01:52 PM, Marek Posolda wrote:
Doing it at the beginning of the connection might be easy. We may just
need to add support to adapters for authentication via bearer token
sent in URL query parameter or in the POST body. There are also specs
for it:
http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html#query-param

The main problem with this is that a token might be valid at the time
the connection is made, but might not be valid after some time, while
the socket is still open. So, a socket that was opened with a session
that just expired would still be open.
Perhaps Undertow provides something that would allow the adapter to
close sockets whose tokens are not valid anymore?
- Juca.
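
The expiry problem raised in the message above, as an added example that is not part of the original thread and is not Keycloak or Undertow code: a registry that ties each open socket to the expiry time of the bearer token that authenticated it and closes sockets once that time has passed. The class and method names are hypothetical, and it assumes the adapter can read the token's expiry and holds a `Closeable` handle for the connection.

```java
import java.io.Closeable;
import java.io.IOException;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: binds each open socket to the expiry of the bearer
// token that was validated when the connection was made.
public class TokenBoundConnections {
    private final Map<Closeable, Instant> expiryByConnection = new ConcurrentHashMap<>();

    // Call once the token sent at connection time has been validated.
    public void register(Closeable connection, Instant tokenExpiry) {
        expiryByConnection.put(connection, tokenExpiry);
    }

    // Call when the client presents a fresh, validated token on an open socket.
    // Returns false if the connection is unknown (already closed or never registered).
    public boolean renew(Closeable connection, Instant newExpiry) {
        return expiryByConnection.replace(connection, newExpiry) != null;
    }

    // Run periodically, for instance from a ScheduledExecutorService. Closes every
    // connection whose token is no longer valid at 'now' and returns the count.
    public int closeExpired(Instant now) {
        int closed = 0;
        for (Map.Entry<Closeable, Instant> e : expiryByConnection.entrySet()) {
            // remove(key, value) skips entries renewed concurrently since we read them
            if (!e.getValue().isAfter(now) && expiryByConnection.remove(e.getKey(), e.getValue())) {
                try { e.getKey().close(); } catch (IOException ignored) { }
                closed++;
            }
        }
        return closed;
    }

    public static void main(String[] args) {
        TokenBoundConnections registry = new TokenBoundConnections();
        Instant t0 = Instant.parse("2015-08-05T12:00:00Z"); // constructed sample time
        Closeable notRenewed = () -> System.out.println("closing socket: token expired");
        Closeable renewed = () -> System.out.println("closing renewed socket");
        registry.register(notRenewed, t0.plusSeconds(60));
        registry.register(renewed, t0.plusSeconds(60));
        registry.renew(renewed, t0.plusSeconds(600));
        System.out.println("closed at +30s: " + registry.closeExpired(t0.plusSeconds(30)));
        System.out.println("closed at +61s: " + registry.closeExpired(t0.plusSeconds(61)));
    }
}
```

This covers token expiry only; a session ended early by logout or revocation would need a separate signal to trigger the close.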