[keycloak-dev] Implementing database-service example in Python

Stian Thorgersen stian at redhat.com
Mon Aug 17 04:01:04 EDT 2015



----- Original Message -----
> From: "Vinay Anantharaman" <vinayan3 at gmail.com>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Friday, 14 August, 2015 9:42:39 PM
> Subject: Re: [keycloak-dev] Implementing database-service example in Python
> 
> I'll be looking into this and will report back if a library exists for Python
> to read JWT tokens.
> 
> I was wondering, is there an API on the Keycloak server for doing JWT token
> verification? Or rather should we decode the token and use the REST admin
> endpoints if we need to query more information?

There is a REST endpoint that can be used to verify a token, but that requires a request to KC. As the token is signed, it's better to just check it locally, as it reduces the number of requests to Keycloak.

> 
> 
> Vinay
> 
> On Thu, Aug 13, 2015 at 9:05 AM, Bill Burke < bburke at redhat.com > wrote:
> 
> 
> If you're interested in becoming a contributor Vinay, this would be a
> very useful extension!
> 
> BTW, we also have a "lightweight" Java Security HTTP Proxy based on
> Undertow that you can use to secure python apps.
> 
> On 8/13/2015 2:00 AM, Stian Thorgersen wrote:
> > Afraid we don't have any libraries for Python yet.
> > 
> > Simply verifying the token should be relatively straightforward though.
> > It's a standard JWT token (base64 encoded json) with a JWS signature. You
> > can look at RSATokenVerifier to see what details should be verified
> > (expiration date, issuer, etc.). You also need to verify the signature.
> > There may quite likely be JWT libraries for Python you can use.
> > 
> > ----- Original Message -----
> >> From: "Vinay Anantharaman" < vinayan3 at gmail.com >
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Thursday, 13 August, 2015 12:21:01 AM
> >> Subject: [keycloak-dev] Implementing database-service example in Python
> >> 
> >> Hi,
> >> I'm trying to implement the example database service from Python. The
> >> description is here:
> >> 
> >> 
> >> 
> >> https://github.com/keycloak/keycloak/tree/master/examples/demo-template
> >> 
> >> Our backend service is contacted directly by clients with an access token
> >> from the Keycloak server. We would like to verify access tokens are and
> >> then
> >> return some data they need. I was looking at the code here:
> >> 
> >> 
> >> 
> >> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/database-service/src/main/java/org/keycloak/example/oauth/CustomerService.java
> >> 
> >> In Java this seems quite trivial with the support of Keycloak libraries.
> >> In
> >> Python I won't have them. What are the APIs on Keycloak I can use to
> >> verify
> >> an access token? Furthermore, are you aware of any classes like
> >> RSATokenVerifier for python? I saw it being used here:
> >> 
> >> 
> >> 
> >> https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java#L319
> >> 
> >> Thanks,
> >> 
> >> 
> >> Vinay Anantharaman
> >> 
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 
> 
> 
> --
> Vinay Anantharaman
> 

