[keycloak-dev] dynamic client registration fixed registration access tokens

Sven Thoms sven.thoms at gmail.com
Wed Jan 4 09:42:02 EST 2017

The registration access token changes compared to POST request return at

even in case of health check GET response at /clients-registrations/[

That is ok for now,  the code calling ClientRegistrationUtils.

We found a way in our application to extract the changing registration
access token.

I agree though that having an option for keeping the registration access
token constant or supporting the last two as valid would be great.

Am 04.01.2017 1:17 nachm. schrieb "Stian Thorgersen" <sthorger at redhat.com>:

> For health checks do a get which doesn't change the registration access
> token. Only updates do.
> It's not possible to currently keep the registration access token, but we
> should be able to add an option to do so. Supporting last two registration
> access tokens might be a good compromise as that would allow retrying the
> previous one in the event of a failure, but still allow detecting if the
> token is leaked.
> On 4 January 2017 at 13:03, Sven Thoms <sven.thoms at gmail.com> wrote:
>> Hello
>> For client registration health checks and subsequent request resiliency
>> (what if answer with registration access token does not arrive),  is it
>> possible to keep the registration access token permanent and unchanging,
>> once client is registered ?
>> Regards
>> Sven
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list