On 08/11/2015 07:23 AM, Stian Thorgersen wrote:
I know there's no standard protocol, but I still think the token
should be sent through the socket itself not as part of the url. I don't like sending
it as the url for one, secondly having to drop and re-create the socket every time the
token expires negates the purpose of web sockets somewhat.
Just to be clear: Keycloak would not listen to or send messages, right?
It's all part of an API that Keycloak would provide, so that server
endpoints can validate/check tokens when needed.
If so, I could then start some PoC for that.
- Juca.