3:57 a.m.
I'm trying to expand my knowledge about Keycloak and OpenID Connect.
Is it necessary for a stateless REST webservice to be registered as a
client in Keycloak?
The token send to the REST service is signed, so the REST service could
verify the authenticity and validity of the token if it has the public key
of the keycloak server.
Why would there be any need for direct communication between the REST
service and Keycloak?
12:20 a.m.
You don't always need to register a client for a REST services, but it
needs to be registered if:
* You invoke token introspection endpoint
* You use authorization services
* You want to retrieve config for the adapter from Keycloak
* You want to assign client level roles to the service
But, if all you want is to verify the token you can skip registering in
Keycloak server.
On 1 November 2016 at 09:57, Robert . <robert.discussions(a)gmail.com> wrote:
I'm trying to expand my knowledge about Keycloak and OpenID
Connect.
Is it necessary for a stateless REST webservice to be registered as a
client in Keycloak?
The token send to the REST service is signed, so the REST service could
verify the authenticity and validity of the token if it has the public key
of the keycloak server.
Why would there be any need for direct communication between the REST
service and Keycloak?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2975
days inactive
2978
days old
1 comments
2 participants
participants (2)
-
Robert . -
Stian Thorgersen