[keycloak-dev] feature request

Stian Thorgersen sthorger at redhat.com
Tue Oct 11 12:45:44 EDT 2016


Rather than hacking Keycloak you should figure out why your token audience
doesn't match. For a token to be valid it has to been issued by the same
server URL and realm. It's an important check and we wouldn't accept a
feature that prevents it.

On 11 October 2016 at 17:07, Mátyás Bachorecz <bachoreczm at gmail.com> wrote:

> Hi,
>
> we have a multi-component project, and all components running in one
> machine, also Keycloak.
> We would like to obtain token via curl, and our components would like to
> validate it, but they can't, because we've got:
> "Token audience doesn't match domain. Token issuer is " + token.getIssuer()
> + ", but URL from configuration is " + realmUrl (RSATokenVerifier.java)
>
> I would like to implement a new feature: a new checkbox or something else
> to realm settings page, which can switch off the above mentioned feature.
> I've read that I should write an email here if I would like to implement
> something. Is it ok, or how it works?
>
> Br,
> Matyi
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>


More information about the keycloak-dev mailing list