[keycloak-dev] Configurable signature algorithms

Stian Thorgersen sthorger at redhat.com
Wed Aug 22 02:45:48 EDT 2018


The use-case for separate is if the front-end app that is using the ID token
uses one algorithm, while back-ends that are using the access token expect
a different algorithm. Now, the question is how likely is that.

On Wed, 22 Aug 2018, 03:55 Sebastian Laskawiec, <slaskawi at redhat.com> wrote:

> Setting them separately seems more flexible to me. On the other hand, it
> is hard for me to imagine a use case where a client would use two different
> signature algorithms...
>
> +1 for having two separate options. We can always set them equal in the
> Admin Console if we wish.
>
> On Wed, Aug 22, 2018 at 2:12 AM Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> Currently, Keycloak always uses RS256 both for access tokens and ID tokens.
>> We're working on introducing support for more algorithms and the ability
>> to change the default for a realm and also for a client.
>>
>> Now the question is: should we have two options, one for the access token
>> and another for the ID token? Or just one for both?

