[keycloak-dev] Token validator endpoint (for humans)
Stian Thorgersen
sthorger at redhat.com
Thu Apr 5 09:48:27 EDT 2018
We already have a realm resource provider which adds directly under realm
(/auth/realms/<realm name>/<resource provider id>). See
https://github.com/stianst/keycloak-experimental/blob/master/token-validation/src/main/java/org/keycloak/experimental/token/TokenValidatorFactory.java#L31
.
The URL for this thing is: /auth/realms/master/token-validator
Perhaps we could extend the realm resource provider to allow not just
adding directly under realms, but under any arbitrary path? Not sure if
RestEasy allows that though.
On 5 April 2018 at 15:41, Bill Burke <bburke at redhat.com> wrote:
> +1
>
> Question, how are you adding this endpoint? Under ../protocol/oidc?
>
> The kubernetes integration needs a similar validation endpoint that
> outputs a document that kubernetes consumes. What I did is create an
> entirely new protocol. Maybe a protocol extension endpoint would be
> better?
>
> Object createExtensionEndpoint(String providerId)
>
> The returned Object would be a JAX-RS sub resource.
>
> Then the base endpoint would be .../protocol/oidc/extensions/{provider-id}
>
>
>
> On Thu, Apr 5, 2018 at 8:04 AM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
> > I added an example token validator endpoint that I needed for some
> > demonstration purposes. Question would this be useful to add directly to
> > Keycloak?
> >
> > It provides a simple form where you can paste in the base64 token. It
> will
> > then output the header, claims and whether or not the token is valid. It
> > uses realm keys to verify the signature so you don't have to paste that
> in
> > manually (like you do on jwt.io).
> >
> > For those to lazy to try it out I've attached a screenshot.
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
> --
> Bill Burke
> Red Hat
>
More information about the keycloak-dev
mailing list