[keycloak-dev] social/broker errors
Vlastimil Elias
velias at redhat.com
Wed Mar 25 10:56:13 EDT 2015
On 25.3.2015 14:57, Stian Thorgersen wrote:
> Had a quick look at it and seems Facebook and GitHub return access token response as form-url-encoded (access_token=<...>&foo=bar).
>
> Another thing I spotted was that I'm pretty sure we're not validating the SSL connection when sending requests to the IdPs. We should drop the SimpleHttp util I created and use something better (Apache or RestEasy) and make sure it's possible to set up a truststore. SimpleHttp was only created as we initially wanted the social lib to be a reusable lightweight lib, but now it's only for KC so there's no point in it and it's pretty crap for many reasons!
SimpleHttp uses the common Java HttpsURLConnection, which by default
validates HTTPS certificates against the common JVM truststore (typically
cacerts somewhere in the Java installation directory), as far as I know.
See
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/HttpsURLConnection.html
and
http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html
Vl.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 25 March, 2015 2:52:07 PM
>> Subject: [keycloak-dev] social/broker errors
>>
>> I'll look into all the social/broker errors and test out on all social
>> providers (again) after I finish up some logout work.
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
--
Vlastimil Elias
Principal Software Engineer
jboss.org Development Team
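As an added illustration of the two points raised in this thread (this is example code, not Keycloak's SimpleHttp or any other Keycloak class): a small Java client that calls an IdP token endpoint through HttpsURLConnection, keeps the default certificate chain and hostname validation on while letting the deployer point it at an explicit truststore instead of the JVM cacerts, and parses the access token response whether the provider returns JSON or the form-url-encoded body Stian describes for Facebook and GitHub. The truststore path, its password, the endpoint URL and the sample responses are placeholders or constructed values, not anything from the Keycloak code base.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLDecoder;
import java.security.KeyStore;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example, not Keycloak's SimpleHttp: an IdP token-endpoint client that keeps
// HttpsURLConnection's default certificate and hostname checks and lets the deployer
// pin the trust anchors to an explicit truststore instead of the JVM cacerts.
public class TokenClient {

    // Trust only the CA certificates in the given JKS/PKCS12 file (path and password
    // are placeholders; a real deployment reads them from configuration).
    static SSLSocketFactory trustStoreSocketFactory(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no trust-all TrustManager anywhere
        return ctx.getSocketFactory();
    }

    // POST the authorization code to the token endpoint over HTTPS. A null factory keeps
    // the JVM default truststore; in both cases no HostnameVerifier is overridden, so the
    // default check of the server name against the certificate stays on.
    static Map<String, String> exchangeCode(String tokenUrl, String formBody,
                                            SSLSocketFactory factory) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(tokenUrl).openConnection();
        if (factory != null) {
            conn.setSSLSocketFactory(factory);
        }
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setRequestProperty("Accept", "application/json");
        try (OutputStream out = conn.getOutputStream()) {
            out.write(formBody.getBytes("UTF-8"));
        }
        int status = conn.getResponseCode();
        if (status != 200) {
            throw new IOException("token endpoint returned HTTP " + status);
        }
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (InputStream in = conn.getInputStream()) {
            byte[] chunk = new byte[4096];
            int n;
            while ((n = in.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
        }
        return parseTokenResponse(conn.getContentType(), buf.toString("UTF-8"));
    }

    private static final Pattern JSON_FIELD =
        Pattern.compile("\"([^\"]+)\"\\s*:\\s*(?:\"([^\"]*)\"|(-?\\d+))");

    // Providers disagree on the response format: OAuth2 says JSON, but Facebook and
    // GitHub (as noted in the thread) answer with a form-url-encoded body. Dispatch on
    // Content-Type instead of assuming either one.
    static Map<String, String> parseTokenResponse(String contentType, String body) throws IOException {
        Map<String, String> fields = new LinkedHashMap<>();
        if (contentType != null && contentType.startsWith("application/x-www-form-urlencoded")) {
            for (String pair : body.split("&")) {
                if (pair.isEmpty()) continue;
                int eq = pair.indexOf('=');
                String key = eq < 0 ? pair : pair.substring(0, eq);
                String value = eq < 0 ? "" : pair.substring(eq + 1);
                fields.put(URLDecoder.decode(key, "UTF-8"), URLDecoder.decode(value, "UTF-8"));
            }
        } else {
            // Flat JSON object with string or integer values, which is all a token response
            // carries; a real JSON parser is the better choice in production code.
            Matcher m = JSON_FIELD.matcher(body);
            while (m.find()) {
                fields.put(m.group(1), m.group(2) != null ? m.group(2) : m.group(3));
            }
        }
        if (!fields.containsKey("access_token")) {
            throw new IOException("no access_token in token response (" + contentType + ")");
        }
        return fields;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample responses; this part needs no network access.
        System.out.println(parseTokenResponse("application/x-www-form-urlencoded",
            "access_token=abc123&scope=user%3Aemail&token_type=bearer"));
        System.out.println(parseTokenResponse("application/json",
            "{\"access_token\":\"abc123\",\"token_type\":\"Bearer\",\"expires_in\":3600}"));
    }
}
```

The point of the first two methods is what is absent: there is no custom TrustManager that accepts every chain and no HostnameVerifier that returns true, which are the two shortcuts that silently turn off the validation HttpsURLConnection performs by default. Swapping in a truststore-backed SSLSocketFactory narrows the trust anchors without disabling either check. For a broker talking to several IdPs, checking that `access_token` is actually present after parsing catches the case where a provider changed its response format and the field was never read.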