[keycloak-dev] OAuth2 JWT Secured Authorization Request (JAR)

Marek Posolda mposolda at redhat.com
Fri Feb 17 16:14:07 EST 2017


On 16/02/17 18:32, Pedro Igor Silva wrote:
> There is a spec for this already .... An OIDC one
> https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html.
And we already support that one on keycloak server side (no support in 
adapters ATM).

Marek
>
> On Thu, Feb 16, 2017 at 1:18 PM, Bill Burke <bburke at redhat.com> wrote:
>
>> I'm sure they'll create a POST binding next because the URLs will be too
>> big.
>>
>>
>> On 2/16/17 10:07 AM, Pedro Igor Silva wrote:
>>> Really interesting spec to improve security to authorization requests [1]
>>> sent to a AS.
>>>
>>> Any similarity with SAML is just coincidence :)
>>>
>>> [1] https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq
>>>
>>> Regards.
>>> Pedro Igor
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev




More information about the keycloak-dev mailing list