[keycloak-dev] token_introspection_endpoint == introspection_endpoint ? in .well-known/openid-configuration
Pedro Igor Silva
psilva at redhat.com
Mon Jan 14 06:29:03 EST 2019
introspection_endpoint was added to align with specs. While the
token_introspection_endpoint was kept to keep backward compatibility. We
should consider removing it in the future.
Created https://issues.jboss.org/browse/KEYCLOAK-9321.
On Mon, Jan 14, 2019 at 5:47 AM Stian Thorgersen <sthorger at redhat.com>
wrote:
> I'd say so. Token introspection endpoint is not listed in OpenID Connect
> Discovery, but is in OAuth Discovery as introspection_endpoint [1]. So we
> should remove token_introspection_endpoint.
>
> [1] https://tools.ietf.org/html/draft-ietf-oauth-discovery-06
>
> On Fri, 11 Jan 2019 at 15:24, Thomas Darimont <
> thomas.darimont at googlemail.com> wrote:
>
> > Hello,
> >
> > I just noticed that the .well-known/openid-configuration contains 2 links
> > for the token_introspection_endpoint is this a bug?
> >
> > Cheers,
> > Thomas
> >
> > {
> > "issuer": "https://sso.example.com/auth/realms/master",
> > "authorization_endpoint": "
> > https://sso.example.com/auth/realms/master/protocol/openid-connect/auth
> ",
> > "token_endpoint": "
> > https://sso.example.com/auth/realms/master/protocol/openid-connect/token
> ",
> > * "token_introspection_endpoint": "
> >
> >
> https://sso.example.com/auth/realms/master/protocol/openid-connect/token/introspect
> > ",
> > "userinfo_endpoint": "
> >
> https://sso.example.com/auth/realms/master/protocol/openid-connect/userinfo
> > ",
> > "end_session_endpoint": "
> >
> https://sso.example.com/auth/realms/master/protocol/openid-connect/logout
> > ",
> > "jwks_uri": "
> > https://sso.example.com/auth/realms/master/protocol/openid-connect/certs
> ",
> > "check_session_iframe": "
> >
> >
> https://sso.example.com/auth/realms/master/protocol/openid-connect/login-status-iframe.html
> > ",
> > ...
> > "tls_client_certificate_bound_access_tokens": true,
> > * "introspection_endpoint": "
> >
> >
> https://sso.example.com/auth/realms/master/protocol/openid-connect/token/introspect
> > "
> > }
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list