[keycloak-dev] Keycloak as OAuth 2 compliant authorization server?

Bill Burke bburke at redhat.com
Tue Aug 27 15:50:19 EDT 2013



On 8/27/2013 3:22 PM, Matt Wringe wrote:
> On 27/08/13 02:20 PM, Bill Burke wrote:
>> Well, you need to remember that OAuth 2 is a framework and not a
>> complete protocol.  The actual authentication part with the auth server
>> is the most "flexible" part of the API.  I'd like to follow it as
>> closely as possible though.
>
> Yep, agreed. OAuth does not provide a complete protocol and leaves a lot
> of stuff to the implementors to decide. It also makes a lot of stuff
> optional and allows for custom extensions. It does however clearly
> define some areas and provides a defined protocol for them.
>
> Unfortunately we are not exactly in line with the specification in all
> areas and would need to make some changes to become compliant.
>
> I am assuming that trying to 'follow it as closely as possible' means we
> do want to be compliant and that issues should be filed where it does
> not follow the defined sections?
>

What sections do you mean?

Bill

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

