[keycloak-dev] WG: How to generate a token string in a custom keycloak extension?

Felix Peters peters at develop4edu.de
Tue Jan 23 10:46:44 EST 2018

Thanks for your quick response.

I try to implement a prototype of a password-free authenticator like it was mentioned in this thread: http://lists.jboss.org/pipermail/keycloak-user/2015-October/003387.html

My current approach is to create a token on a rest endpoint and validate this token in an custom authenticator.
It’s just a POV, but I think a ActionToken can do the job.

I was googleing around for an existing solution for password-free login with Keycloak, but could not found something like that.


Von: Thomas Darimont [mailto:thomas.darimont at googlemail.com]
Gesendet: Dienstag, 23. Januar 2018 15:48
An: Felix Peters <peters at develop4edu.de>
Cc: keycloak-dev at lists.jboss.org
Betreff: Re: [keycloak-dev] WG: How to generate a token string in a custom keycloak extension?

Hello Felix,

What's your use case?

Keycloak provides action tokens that permits its bearer to perform some actions, e. g. to reset a password or validate e-mail address.

Perhaps you could have a look at the action tokens SPI:

Keycloaks OIDC Tokens (AccessToken, RefreshToken, IDToken) are generated within org.keycloak.protocol.oidc.TokenManager and exposed
via the org.keycloak.protocol.oidc.endpoints.TokenEndpoint. Tokens can be verified via the org.keycloak.RSATokenVerifier.


2018-01-23 15:29 GMT+01:00 Felix Peters <peters at develop4edu.de<mailto:peters at develop4edu.de>>:

I'm pretty new to Keycloak development and at the moment I'm trying to develop some demo extensions to learn how SPI's an stuff like that work in Keycloak.

My Question is:
Is there a util- or helper-class which I can use to generate an secure token string in my extension code (pretty much the same as an oauth access or refresh token)?
I was not able to find something In the Keycloak code, but maybe there is something like that.
Thank you in advance,
Felix Peters

keycloak-dev mailing list
keycloak-dev at lists.jboss.org<mailto:keycloak-dev at lists.jboss.org>

More information about the keycloak-dev mailing list