[keycloak-dev] Token validator endpoint (for humans)

Pedro Igor Silva psilva at redhat.com
Thu Apr 5 11:09:20 EDT 2018


Nope :)

On Thu, Apr 5, 2018 at 12:03 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> I can see it being helpful in production for debugging purposes. It may
> also be helpful for application developers that are trying to figure out
> what's going on in their apps.
>
> Do you have any actual concerns about it being exposed rather than just
> because it's more stuff to expose ;)
>
> On 5 April 2018 at 16:58, Pedro Igor Silva <psilva at redhat.com> wrote:
>
>> To avoid additional endpoints that are not really part of the core
>> functionality. For demo and testing this is very helpful but in production
>> you don't want the server serving such requests and consuming resources.
>>
>> Treat as a "feature" seems more reasonable for me instead of always have
>> it available.
>>
>> On Thu, Apr 5, 2018 at 11:47 AM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> Just to add - we can easily make it a feature that can be
>>> enabled/disabled through the profile stuff, but was just curious to why you
>>> thought it would be needed to disable it.
>>>
>>> On 5 April 2018 at 16:45, Stian Thorgersen <sthorger at redhat.com> wrote:
>>>
>>>> Why?
>>>>
>>>> On 5 April 2018 at 16:23, Pedro Igor Silva <psilva at redhat.com> wrote:
>>>>
>>>>> Although very helpful, people may want to disable this when in
>>>>> production.
>>>>>
>>>>> On Thu, Apr 5, 2018 at 9:04 AM, Stian Thorgersen <sthorger at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> I added an example token validator endpoint that I needed for some
>>>>>> demonstration purposes. Question would this be useful to add directly
>>>>>> to
>>>>>> Keycloak?
>>>>>>
>>>>>> It provides a simple form where you can paste in the base64 token. It
>>>>>> will
>>>>>> then output the header, claims and whether or not the token is valid.
>>>>>> It
>>>>>> uses realm keys to verify the signature so you don't have to paste
>>>>>> that in
>>>>>> manually (like you do on jwt.io).
>>>>>>
>>>>>> For those to lazy to try it out I've attached a screenshot.
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-dev mailing list
>>>>>> keycloak-dev at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>


More information about the keycloak-dev mailing list