Keycloak has an endpoint to verify token. URL is:

  /auth/realms/<realm>/protocol/openid-connect/validate

It takes a single query_param 'access_token'. If token is valid the response will be the token as json document, otherwise it'll return an error.

----- Original Message -----
> From: "Niels Bertram" <nielsbne@gmail.com>
> To: keycloak-user@lists.jboss.org
> Sent: Monday, 29 June, 2015 5:30:51 PM
> Subject: [keycloak-user] keycloak 1.3.1 OpenID Connect token introspection    url
>
> Hi there,
>
> I am trying to configure a server side (RP) client which requires a JWT
> introspection URL on the OP. I tried to find such endpoint on the KeyCloak
> server without avail neither did I actually find any url of type
> "introspect" in the OpenID Connect Specification.
>
> Does anyone know if/how a OAuth2 client can validate a JWT token via a back
> channel with the KeyCloak server?
>
> The client I am trying to configure is the MITREid client as per
> https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Token-Introspecting-Client-Config
>
> Looking at the code, the client will issue a post to the introspection
> endpoint with some form data:
>
> POST /auth/realms/myrealm/protocol/openid-connect/introspect HTTP/1.1
> Host: localhost:8080
> Cache-Control: no-cache
> Content-Type: application/x-www-form-urlencoded
>
> client_id=myapp&client_secret=mysupersecret&token=eyJhbGciO[trunkated but
> valid access token]
>
> Any pointers are much appreciated.
>
> Kind Regards,
> Niels
>
>
>
>

> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user