[keycloak-dev] 1.1 adapters no longer backward compatible

Bill Burke bburke at redhat.com
Thu Oct 30 08:34:31 EDT 2014


I didn't do it because I'm not sure yet what the URL should be or that I 
even want it to be a URL.  Some oidc libraries seem to have the option 
to validate that the ISS url is the same URL they forwarded the browser 
to.  I don't like that idea at all.  All the OIDC spec says is that the 
issuer must be an HTTPS url that uniquely identifies the issuer of the 
IDToken.

On 10/30/2014 2:51 AM, Stian Thorgersen wrote:
> Should we fix iss to return the "realm" url at the same time?
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 29 October, 2014 9:02:24 PM
>> Subject: [keycloak-dev] 1.1 adapters no longer backward compatible
>>
>> Because of this bug:
>>
>> https://issues.jboss.org/browse/KEYCLOAK-767
>>
>> I changed the aud to point ot clientid and iss to be the realm name.
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list