Re: [keycloak-user] Token Validation

You want to write a PHP adapter? You can either validate the token yourself, or invoke the Keycloak REst service to validate it for you. Keycloak tokens are Json Web Signatures (JWS). https://tools.ietf.org/html/rfc7515 The content of this signature is a Keycloak extension of Json Web Token: http://jwt.io/ We have all the standard fields, with additional ones for role mappings and group membership depending on how you've configured the client in the admin console. As for CORS this is something your PHP adapter has to handle. You can configure the Keycloak token to embed what origins are allowed, but the adapter has to handle setting all the appropriate headers. BTW, we would definitely welcome a PHP adapter contribution!

On 12/11/2015 3:30 AM, Brian Thai wrote: > Hi All, > > I have just started to work with keycloak 1.7.0 and I have a PHP rest > service that I want to write an adapter for. I have read the docs and > the code but I don't understand how the token is validated from the rest > service. > > I understand that with a js client they would be redirected to keycloak > to obtain an access token which will be passed to my rest api. At that > point I should validate the token, and I see that keycloak provides a > rest endpoint for validation: > http://docs.jboss.org/keycloak/docs/1.0-rc-1/rest-api/realms/%7Brealm%7D/... > > I get held from cors because the realm itself does not have > configuration for setting the 'Access-Control-Allow-Origin' header. Can > anyone point me in the right direction? > > Thanks, > -Brian > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user