[keycloak-dev] JWK

Stian Thorgersen stian at redhat.com
Thu Mar 12 10:45:04 EDT 2015


It's required by OpenID Connect Discovery and is useful to 3rd party libraries; we'll need it to pass OIDC interoperability.

Why should it not be enabled by default? It's just the public realm key in a reusable JSON format.

We should have used JWK in keycloak.json files as well.

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Thursday, 12 March, 2015 2:17:10 PM
> Subject: [keycloak-dev] JWK
> 
> Not sure why we have JWK support and I hope it is not on by default.
> JWK is really only useful in the case where the client needs to identify
> the key needed to use to decrypt or validate an ID token/access token.
> In our implementation we do not have the ability to have different
> signers.  This knowledge is expected to be provided in configuration.
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 
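An added example, not part of the thread and not Keycloak's code: how an RSA public key is expressed as a JWK, and how a client picks the verification key from a published key set by the token's `kid`. The moduli are constructed placeholders, and using the RFC 7638 thumbprint as `kid` is an assumption of this sketch.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def uint_b64url(value: int) -> str:
    """Base64urlUInt (RFC 7518): big-endian, minimal number of octets."""
    return b64url(value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big"))

def rsa_public_jwk(n: int, e: int) -> dict:
    """Express an RSA public key (modulus n, exponent e) as a JWK (RFC 7517)."""
    jwk = {"kty": "RSA", "n": uint_b64url(n), "e": uint_b64url(e)}
    # Assumption: kid = RFC 7638 thumbprint (SHA-256 over the required
    # members, sorted, no whitespace). Any unique string is a valid kid.
    canonical = json.dumps(jwk, sort_keys=True, separators=(",", ":"))
    jwk["kid"] = b64url(hashlib.sha256(canonical.encode()).digest())
    jwk.update(use="sig", alg="RS256")
    return jwk

def select_key(jwks: dict, token: str) -> dict:
    """Pick the verification key for a compact JWT by its header's kid."""
    head = token.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))
    matches = [k for k in jwks["keys"] if k["kid"] == header.get("kid")]
    if len(matches) != 1:
        raise KeyError("no unique key for kid %r" % header.get("kid"))
    # The published key, not the token header, decides the algorithm.
    if header.get("alg") != matches[0]["alg"]:
        raise ValueError("token alg does not match the key's alg")
    return matches[0]

def sample_token(kid: str, alg: str = "RS256") -> str:
    """Constructed, unsigned token skeleton: only the header matters here."""
    header = json.dumps({"alg": alg, "kid": kid}).encode()
    return b64url(header) + ".e30.c2ln"

# Constructed 2048-bit integers standing in for two realm key moduli;
# they are not usable RSA keys.
OLD_KEY = rsa_public_jwk((1 << 2047) + 12345, 65537)
NEW_KEY = rsa_public_jwk((1 << 2047) + 67891, 65537)
JWKS = {"keys": [OLD_KEY, NEW_KEY]}

if __name__ == "__main__":
    print(json.dumps(JWKS, indent=2))
    print(select_key(JWKS, sample_token(NEW_KEY["kid"]))["kid"])
```

Signature verification itself is out of scope here; the selected JWK only tells the client which public key and algorithm to verify with.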

