[keycloak-dev] Invalid value for iss
Bill Burke
bburke at redhat.com
Wed Mar 25 10:12:41 EDT 2015
This requires changes to a lot of code. I started doing it once until I
realized how many files I would have to change.
On 3/25/2015 10:07 AM, Stian Thorgersen wrote:
> According to the spec 'iss' should be:
>
> REQUIRED. Issuer Identifier for the Issuer of the response. The iss value is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components
>
> However, we only use realm name. As that's invalid according to the spec (and also the same iss used for multiple KC servers) I propose we change it to:
>
> <AUTH URL>/realms/<REALM-NAME>
>
> For example:
>
> http://localhost:8080/realms/master
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list