[keycloak-dev] dynamic client registration fixed registration access tokens

Sven Thoms sven.thoms at gmail.com
Wed Jan 4 09:42:02 EST 2017


The registration access token changes compared to POST request return at
/clients-registrations/openid-connect

even in case of health check GET response at
/clients-registrations/[client_ID]

That is ok for now, the code calling
ClientRegistrationUtils.updateRegistrationAccessToken.

We found a way in our application to extract the changing registration
access token.

I agree though that having an option for keeping the registration access
token constant or supporting the last two as valid would be great.

On 04.01.2017 at 1:17 PM, "Stian Thorgersen" <sthorger at redhat.com> wrote:

> For health checks do a get which doesn't change the registration access
> token. Only updates do.
>
> It's not possible to currently keep the registration access token, but we
> should be able to add an option to do so. Supporting last two registration
> access tokens might be a good compromise as that would allow retrying the
> previous one in the event of a failure, but still allow detecting if the
> token is leaked.
>
> On 4 January 2017 at 13:03, Sven Thoms <sven.thoms at gmail.com> wrote:
>
>> Hello
>>
>> For client registration health checks and subsequent request resiliency
>> (what if answer with registration access token does not arrive), is it
>> possible to keep the registration access token permanent and unchanging,
>> once client is registered?
>>
>> Regards
>>
>> Sven
>
>
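
Added example, not part of the original thread and not Keycloak code: a minimal Python model of the "last two registration access tokens stay valid" compromise from the quoted reply, showing that a retry after a lost response is accepted while a token two or more rotations old is flagged. The class, method and status names are hypothetical, and storing SHA-256 hashes of tokens is an assumption of this sketch.

```python
import hashlib
import hmac
import secrets


def _digest(token):
    # Store only hashes of tokens, never the tokens themselves (assumption of this sketch).
    return hashlib.sha256(token.encode()).hexdigest()


class RegistrationTokenPolicy:
    """Hypothetical model of the 'last two tokens stay valid' idea; not Keycloak code."""

    def __init__(self):
        self.current = None     # hash of the newest token
        self.previous = None    # hash of the token issued just before it
        self.retired = set()    # hashes of every older token

    def issue(self):
        """Rotate: mint a new token, keep one predecessor, retire the rest."""
        token = secrets.token_urlsafe(32)
        if self.previous is not None:
            self.retired.add(self.previous)
        self.previous, self.current = self.current, _digest(token)
        return token

    def update(self, presented):
        """Authorize one client update; returns (status, new_token_or_None)."""
        h = _digest(presented)
        if self.current and hmac.compare_digest(h, self.current):
            return "ok", self.issue()
        if self.previous and hmac.compare_digest(h, self.previous):
            # The caller never saw the last response: allow the retry, but log it.
            return "ok-retry", self.issue()
        if h in self.retired:
            # A token two or more rotations old is in use: treat as a possible leak.
            return "reuse-detected", None
        return "invalid", None


def lost_response_scenario():
    """Constructed run: one lost response, one retry, then a stale token presented."""
    policy = RegistrationTokenPolicy()
    t0 = policy.issue()                     # returned by the registration POST
    status1, _lost = policy.update(t0)      # response never reaches the client
    status2, t2 = policy.update(t0)         # client retries with the token it has
    status3, _ = policy.update(t0)          # t0 is now two rotations old
    status4, _ = policy.update(t2)          # the client's newest token still works
    return [status1, status2, status3, status4]
```
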

