[keycloak-dev] Token validator endpoint (for humans)
Pedro Igor Silva
psilva at redhat.com
Thu Apr 5 10:58:05 EDT 2018
To avoid additional endpoints that are not really part of the core
functionality. For demo and testing this is very helpful but in production
you don't want the server serving such requests and consuming resources.
Treat as a "feature" seems more reasonable for me instead of always have it
available.
On Thu, Apr 5, 2018 at 11:47 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:
> Just to add - we can easily make it a feature that can be enabled/disabled
> through the profile stuff, but was just curious to why you thought it would
> be needed to disable it.
>
> On 5 April 2018 at 16:45, Stian Thorgersen <sthorger at redhat.com> wrote:
>
>> Why?
>>
>> On 5 April 2018 at 16:23, Pedro Igor Silva <psilva at redhat.com> wrote:
>>
>>> Although very helpful, people may want to disable this when in
>>> production.
>>>
>>> On Thu, Apr 5, 2018 at 9:04 AM, Stian Thorgersen <sthorger at redhat.com>
>>> wrote:
>>>
>>>> I added an example token validator endpoint that I needed for some
>>>> demonstration purposes. Question would this be useful to add directly to
>>>> Keycloak?
>>>>
>>>> It provides a simple form where you can paste in the base64 token. It
>>>> will
>>>> then output the header, claims and whether or not the token is valid. It
>>>> uses realm keys to verify the signature so you don't have to paste that
>>>> in
>>>> manually (like you do on jwt.io).
>>>>
>>>> For those to lazy to try it out I've attached a screenshot.
>>>>
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>>
>>>
>>
>
More information about the keycloak-dev
mailing list