[keycloak-dev] Token validator endpoint (for humans)

Bill Burke bburke at redhat.com
Thu Apr 5 09:56:43 EDT 2018


I'll just switch to using that probably.

On Thu, Apr 5, 2018 at 9:48 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
> We already have a realm resource provider which adds directly under realm
> (/auth/realms/<realm name>/<resource provider id>). See
> https://github.com/stianst/keycloak-experimental/blob/master/token-validation/src/main/java/org/keycloak/experimental/token/TokenValidatorFactory.java#L31.
>
> The URL for this thing is: /auth/realms/master/token-validator
>
> Perhaps we could extend the realm resource provider to allow not just adding
> directly under realms, but under any arbitrary path? Not sure if RestEasy
> allows that though.
>
> On 5 April 2018 at 15:41, Bill Burke <bburke at redhat.com> wrote:
>>
>> +1
>>
>> Question, how are you adding this endpoint?  Under ../protocol/oidc?
>>
>> The kubernetes integration needs a similar validation endpoint that
>> outputs a document that kubernetes consumes.  What I did is create an
>> entirely new protocol.  Maybe a protocol extension endpoint would be
>> better?
>>
>> Object createExtensionEndpoint(String providerId)
>>
>> The returned Object would be a JAX-RS sub resource.
>>
>> Then the base endpoint would be .../protocol/oidc/extensions/{provider-id}
>>
>>
>>
>> On Thu, Apr 5, 2018 at 8:04 AM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>> > I added an example token validator endpoint that I needed for some
>> > demonstration purposes. Question would this be useful to add directly to
>> > Keycloak?
>> >
>> > It provides a simple form where you can paste in the base64 token. It
>> > will
>> > then output the header, claims and whether or not the token is valid. It
>> > uses realm keys to verify the signature so you don't have to paste that
>> > in
>> > manually (like you do on jwt.io).
>> >
>> > For those to lazy to try it out I've attached a screenshot.
>> >
>> > _______________________________________________
>> > keycloak-dev mailing list
>> > keycloak-dev at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>>
>> --
>> Bill Burke
>> Red Hat
>
>



-- 
Bill Burke
Red Hat


More information about the keycloak-dev mailing list