[keycloak-dev] make sending a request object mandatory for certain clients

Aron Bustya aron.bustya.js at gmail.com
Tue Mar 6 14:13:17 EST 2018


Hello!

Can I get some reaction to this? (The community guidelines say I need to
ask around before sending pull requests.)

Regards,
Áron Bustya

On 2 December 2017 at 04:44, Aron Bustya <aron.bustya.js at gmail.com> wrote:

> Hi!
>
> I have a use case where the server must accept authorization requests only
> when they contain a signed request object (should be configurable per
> client).
>
> I have found a way to make the signing of the request object mandatory by
> specifying a 'request.object.signature.alg' attribute on the client, but
> this only applies if a request object exists in the first place.
>
> I would like to propose a pull request: It defines a new client attribute
> 'request.object.required'. If this is set to 'true', the client must send a
> request object when initiating an authorization request.
>
> Current code can be checked here: https://github.com/abustya/
> keycloak/commit/476912906a3ad0d290220a1f54abee073dba687a
>
> What do you think?
>
> Regards,
> Áron Bustya
>


More information about the keycloak-dev mailing list