[keycloak-dev] JWK

Bill Burke bburke at redhat.com
Thu Mar 12 11:08:09 EDT 2015



On 3/12/2015 10:56 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Thursday, 12 March, 2015 3:50:39 PM
>> Subject: Re: [keycloak-dev] JWK
>>
>> JWK shouldn't be transmitted with ID Token and/or access token by
>> default is what I mean.  If I remember the specs correctly.  Bloats the
>> tokens and requires more parsing time.
>
> That's how we sign the access token, isn't it? Is there an option to include it in the token itself?
>

You don't need to store JWK information in the JWS header of the access 
token because the adapter only works with one realm and one public realm 
key.  We're not doing certificate chains either.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
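
Added example, not part of the original message and not Keycloak code: a verifier pinned to one configured realm key needs nothing but "alg" from the JWS header, a "jwk" header member only makes the token longer, and a token that brings its own key in the header still fails against the pinned key. Assumptions: RS256 is written out by hand with the standard library, the keys are constructed toy keys built from Mersenne primes, and every name (verify_with_realm_key, jwk_of, the issuer URL) is hypothetical.

```python
import base64, hashlib, json

# Constructed toy RSA keys from known Mersenne primes, so the demo runs offline
# with the standard library only. Such keys are insecure outside a demo.
E = 65537
def toy_key(p, q):
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (modulus n, private exponent d)
REALM_N, REALM_D = toy_key(2**521 - 1, 2**607 - 1)   # stands in for the realm key
OTHER_N, OTHER_D = toy_key(2**127 - 1, 2**521 - 1)   # an unrelated key
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(msg, k):   # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), k bytes long
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_rs256(header, claims, n, d):
    body = ".".join(b64u(json.dumps(x).encode()) for x in (header, claims))
    k = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(emsa(body.encode(), k), "big"), d, n)
    return body + "." + b64u(sig.to_bytes(k, "big"))

def verify_with_realm_key(token, n=REALM_N):
    """Return the claims if the token verifies under the configured key, else None.
    Only 'alg' is read from the header; a 'jwk' member is never consulted."""
    parts = token.split(".")
    if len(parts) != 3 or json.loads(b64u_dec(parts[0])).get("alg") != "RS256":
        return None
    k = (n.bit_length() + 7) // 8
    sig = int.from_bytes(b64u_dec(parts[2]), "big")
    expected = emsa((parts[0] + "." + parts[1]).encode(), k)
    if sig >= n or pow(sig, E, n).to_bytes(k, "big") != expected:
        return None
    return json.loads(b64u_dec(parts[1]))

def jwk_of(n):   # public key as a JWK, as it would appear in a "jwk" header
    return {"kty": "RSA", "e": "AQAB", "n": b64u(n.to_bytes((n.bit_length() + 7) // 8, "big"))}

claims = {"iss": "https://sso.example.test/realms/demo", "sub": "alice"}   # constructed
lean = sign_rs256({"alg": "RS256"}, claims, REALM_N, REALM_D)
bloated = sign_rs256({"alg": "RS256", "jwk": jwk_of(REALM_N)}, claims, REALM_N, REALM_D)
foreign = sign_rs256({"alg": "RS256", "jwk": jwk_of(OTHER_N)}, claims, OTHER_N, OTHER_D)
print(len(lean), len(bloated), verify_with_realm_key(foreign))
```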

