[keycloak-user] OpenID Connect support

Raghuram prabhalar at yahoo.com
Thu Oct 30 16:15:56 EDT 2014


I tested with libraries based on Apache Oltu, and I too noticed that the realm name is being sent in the ID token under "iss". "aud" is null when I included multiple redirect URIs, which is breaking the validation (as per the OpenID spec). "azp" is not being sent (it is optional unless more than 1 client is registered) - I expect that to be sent once I register two clients.

I used /account for the userinfo endpoint; that didn't work. Will provide more feedback as I continue to test.

FYI - My libraries were tested completely against a server implementation based on MITRE's OpenID Connect and they are good.

Sent from my iPhone

> On Oct 20, 2014, at 2:24 PM, Iván Perdomo <ivan at akvo.org> wrote:
> 
> On Mon, 20 Oct 2014 13:57:44 -0400
> Bill Burke <bburke at redhat.com> wrote:
> 
>> I thought the issuer was the realm.  I guess it's not... Also looks
>> like we'll need to have one URL to process all realm oidc requests as
>> the ISS is validated.
>> 
>> Does this library offer any encryption/signature options for the ID
>> Token?
> 
> The library validating the token is Google's OAuth Client Library
> [1][2], the piece of code calling that library [3]
> 
> [1] https://code.google.com/p/google-oauth-java-client/
> [2] http://javadoc.google-oauth-java-client.googlecode.com/hg/1.19.0/com/google/api/client/auth/openidconnect/IdTokenVerifier.html
> [3] https://github.com/iperdomo/android-openid-connect-sample/blob/master/app/src/main/java/com/lnikkila/oidcsample/oidc/OIDCUtils.java#L156-L164
> 
> -- 
> Iván
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
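
The "iss", "aud" and "azp" checks discussed in this thread, as an added example that is not part of the original messages and is not code from Keycloak, Apache Oltu or Google's OAuth client library. The function name, issuer URL, client ids and claim sets are constructed for illustration; signature verification is assumed to have happened before these checks and is not shown.

```python
import time

def validate_id_token_claims(claims, expected_issuer, client_id, now=None, leeway=60):
    """Return a list of validation failures (an empty list means the claims pass)."""
    now = time.time() if now is None else now
    errors = []

    # iss: exact, case-sensitive match with the issuer the client was configured with.
    if claims.get("iss") != expected_issuer:
        errors.append("iss mismatch")

    # aud: required; a single string or an array of strings that contains our client_id.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list) or not audiences:
        errors.append("aud missing")
    elif client_id not in audiences:
        errors.append("aud does not contain client_id")

    # azp: the spec says a client SHOULD check it is present when there are
    # multiple audiences; this example treats its absence as a failure.
    azp = claims.get("azp")
    if isinstance(audiences, list) and len(audiences) > 1 and azp is None:
        errors.append("azp missing for multiple audiences")
    if azp is not None and azp != client_id:
        errors.append("azp is not this client")

    # exp: required, must not be in the past (small clock-skew allowance).
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        errors.append("exp missing or expired")
    return errors

# Constructed sample claim sets (not captured from a real server).
ISSUER = "https://sso.example.test/auth/realms/demo"   # hypothetical issuer URL
NOW = 1414700000
# Mirrors the report in the thread: realm name as "iss", null "aud", no "azp".
REPORTED = {"iss": "demo", "aud": None, "sub": "u1", "exp": NOW + 300}
GOOD = {"iss": ISSUER, "aud": "my-app", "sub": "u1", "exp": NOW + 300}
MULTI = {"iss": ISSUER, "aud": ["my-app", "other-app"], "sub": "u1", "exp": NOW + 300}

if __name__ == "__main__":
    for name, c in [("reported", REPORTED), ("good", GOOD), ("multi", MULTI)]:
        print(name, validate_id_token_claims(c, ISSUER, "my-app", now=NOW))
```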


