[keycloak-dev] ID Token claims in Access Token and Refresh Token
Pedro Igor Silva
psilva at redhat.com
Wed Dec 3 06:28:11 EST 2014
I notice that too when trying to broker a KeyCloak server from another one.
Also, I think KC is missing OpenID Connect Discovery [1].
[1] http://openid.net/specs/openid-connect-discovery-1_0.html
----- Original Message -----
From: "Stian Thorgersen" <stian at redhat.com>
To: "keycloak dev" <keycloak-dev at lists.jboss.org>
Sent: Wednesday, December 3, 2014 5:55:24 AM
Subject: [keycloak-dev] ID Token claims in Access Token and Refresh Token
As AccessToken and RefreshToken extends IDToken they contain the ID Token claims. If I've read the spec correctly those claims should only be in the ID Token. There should also be a separate UserInfo endpoint which we're missing.
Is there a reason why AccessToken extends IDToken, or can we remove that?
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list