[keycloak-dev] Cross Client Use case
Bill Burke
bburke at redhat.com
Mon Apr 13 09:37:49 EDT 2015
Our tokens are JsonWebSignatures. If the other applications have the
public key of the realm, they can verify those signatures. Keycloak
also has a remote validation URL which you can send a token to.
/auth/realms/{realm}/protocol/openid-connect/validate?access_token={token}
On 4/12/2015 6:58 AM, Raghu Prabhala wrote:
> We have a use case similar to the one listed in the below url -
> basically once a user is authenticated, a client application after
> receiving the tokens from the Provider, shares the tokens with a few
> other applications that are in a group. The other client applications
> should be able to verify the tokens without requiring any more user
> interaction. In the OIDC world, unfortunately, the aud parameter has the
> clientid of the first app only and it will fail validation by the other
> apps. So, is there any way this can be handled in KC?
>
> https://developers.google.com/identity/protocols/CrossClientAuth
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list