[keycloak-dev] WG: How to generate a token string in a custom keycloak extension?

Hynek Mlnarik hmlnarik at redhat.com
Wed Jan 24 07:09:18 EST 2018

This should be relatively straightforward by using action token SPI: REST
endpoint would issue the custom action token, then action token handler
would set up the authentication session accordingly. In case you want
deeper integration of the action token flow with authentication flow, check


On Tue, Jan 23, 2018 at 4:46 PM, Felix Peters <peters at develop4edu.de> wrote:

> Thanks for your quick response.
> I try to implement a prototype of a password-free authenticator like it
> was mentioned in this thread: http://lists.jboss.org/
> pipermail/keycloak-user/2015-October/003387.html
> My current approach is to create a token on a rest endpoint and validate
> this token in an custom authenticator.
> It’s just a POV, but I think a ActionToken can do the job.
> I was googleing around for an existing solution for password-free login
> with Keycloak, but could not found something like that.
> Greeting,
> Felix
> Von: Thomas Darimont [mailto:thomas.darimont at googlemail.com]
> Gesendet: Dienstag, 23. Januar 2018 15:48
> An: Felix Peters <peters at develop4edu.de>
> Cc: keycloak-dev at lists.jboss.org
> Betreff: Re: [keycloak-dev] WG: How to generate a token string in a custom
> keycloak extension?
> Hello Felix,
> What's your use case?
> Keycloak provides action tokens that permits its bearer to perform some
> actions, e. g. to reset a password or validate e-mail address.
> Perhaps you could have a look at the action tokens SPI:
> http://www.keycloak.org/docs/3.3/server_development/topics/
> action-token-spi.html
> Keycloaks OIDC Tokens (AccessToken, RefreshToken, IDToken) are generated
> within org.keycloak.protocol.oidc.TokenManager and exposed
> via the org.keycloak.protocol.oidc.endpoints.TokenEndpoint. Tokens can be
> verified via the org.keycloak.RSATokenVerifier.
> Cheers,
> Thomas
> 2018-01-23 15:29 GMT+01:00 Felix Peters <peters at develop4edu.de<mailto:
> peters at develop4edu.de>>:
> Hi,
> I'm pretty new to Keycloak development and at the moment I'm trying to
> develop some demo extensions to learn how SPI's an stuff like that work in
> Keycloak.
> My Question is:
> Is there a util- or helper-class which I can use to generate an secure
> token string in my extension code (pretty much the same as an oauth access
> or refresh token)?
> I was not able to find something In the Keycloak code, but maybe there is
> something like that.
> Thank you in advance,
> Felix Peters
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org<mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



More information about the keycloak-dev mailing list