[keycloak-dev] JWK

Bill Burke bburke at redhat.com
Thu Mar 12 10:50:39 EDT 2015


JWK shouldn't be transmitted with ID Token and/or access token by 
default is what I mean.  If I remember the specs correctly.  Bloats the 
tokens and requires more parsing time.

On 3/12/2015 10:45 AM, Stian Thorgersen wrote:
> It's required by OpenID Connect Discovery and is useful to 3rd party libraries, we'll need it to pass OIDC interoperability.
>
> Why should it not be enabled by default? It's just the public realm key in a reusable json format.
>
> We should have used JWK in keycloak.json files as well.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Thursday, 12 March, 2015 2:17:10 PM
>> Subject: [keycloak-dev] JWK
>>
>> Not sure why we have JWK support and I hope it is not on by default.
>> JWK is really only useful in the case where the client needs to identify
>> the key needed to use to decrypt or validate an ID token/access token.
>> In our implementation we do not have the ability to have different
>> signers.  This knowledge is expected to be provided in configuration.
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
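
Added example (not part of the original thread and not Keycloak code): the realm public key published once as a JWK Set, versus the same JWK carried in the `jwk` header member of every token, with the resulting size difference and a key lookup by `kid`. The modulus is a constructed 2048-bit stand-in rather than a real key, and `realm-key-1` is a hypothetical key id.

```python
import base64
import json

def b64url(data: bytes) -> str:
    """base64url without padding, as JOSE uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def rsa_public_jwk(n: int, e: int, kid: str) -> dict:
    """RSA public key as a JWK: n and e are base64url big-endian integers."""
    def enc(i: int) -> str:
        return b64url(i.to_bytes((i.bit_length() + 7) // 8, "big"))
    return {"kty": "RSA", "kid": kid, "use": "sig", "alg": "RS256",
            "n": enc(n), "e": enc(e)}

def encode_header(header: dict) -> str:
    """First segment of a compact JWS: base64url of the compact JSON header."""
    return b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))

def decode_header(segment: str) -> dict:
    """Restore the stripped padding and parse the header JSON."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def select_key(jwks: dict, header_segment: str) -> dict:
    """Pick the verification key from the configured JWK Set by kid.
    A jwk member inside the token header is ignored on purpose."""
    header = decode_header(header_segment)
    for key in jwks.get("keys", []):
        if key.get("kid") == header.get("kid") and key.get("alg") == header.get("alg"):
            return key
    raise KeyError(f"no configured key for kid={header.get('kid')!r}")

# Constructed 2048-bit stand-in for a realm modulus (not a real key).
N = (1 << 2047) | 0x10001
E = 65537
REALM_JWK = rsa_public_jwk(N, E, kid="realm-key-1")  # hypothetical kid
JWKS = {"keys": [REALM_JWK]}  # what a client would fetch once and cache

# The same token header, referencing the key by kid vs. embedding the JWK.
BY_KID = encode_header({"alg": "RS256", "typ": "JWT", "kid": "realm-key-1"})
EMBEDDED = encode_header({"alg": "RS256", "typ": "JWT", "kid": "realm-key-1",
                          "jwk": REALM_JWK})

if __name__ == "__main__":
    print("header with kid only :", len(BY_KID), "chars")
    print("header with jwk      :", len(EMBEDDED), "chars")
    print("key resolved from set:", select_key(JWKS, EMBEDDED)["kid"])
```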

