[keycloak-user] WebSockets
Juraci Paixão Kröhling
juraci at kroehling.de
Wed Aug 5 09:04:30 EDT 2015
On 08/05/2015 01:52 PM, Marek Posolda wrote:
> Doing it at the beginning of the connection might be easy. We may just need
> to add support to adapters for authentication via bearer token sent in
> URL query parameter or in the POST body. There are also specs for it
> http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html#query-param
The main problem with this is that a token might be valid at the time
the connection is made, but might not be valid after some time, while
the socket is still open. So, a socket that was opened with a session
that just expired would still be open.
Perhaps Undertow provides something that would allow the adapter to
close sockets whose tokens are not valid anymore?
- Juca.
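
The expiry gap raised in this message, as an added example that is not part of the original thread and is not Keycloak or Undertow code: a watchdog that schedules a socket close for the moment the token's `exp` claim passes. The class and method names are hypothetical, the sample token is constructed, and the token is assumed to have been signature-verified at connect time.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.concurrent.*;
import java.util.regex.*;

// Hypothetical helper (not a Keycloak or Undertow API): closes a socket
// when the bearer token it was opened with reaches its exp claim.
public class TokenExpiryWatchdog {
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    private final ScheduledExecutorService timer =
            Executors.newSingleThreadScheduledExecutor();

    // Reads exp (seconds since epoch) from the JWT payload. No signature check
    // here: the token is assumed to have been verified when the socket opened.
    // A real adapter would read exp from its already-parsed token object.
    static long expiryOf(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a JWT");
        String payload = new String(
                Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        Matcher m = EXP.matcher(payload);
        if (!m.find()) throw new IllegalArgumentException("no exp claim");
        return Long.parseLong(m.group(1));
    }

    // Runs closeSocket at token expiry (immediately if already expired).
    // Cancel the returned future when the socket closes for another reason.
    ScheduledFuture<?> watch(String jwt, Runnable closeSocket) {
        long delayMs = Math.max(0, expiryOf(jwt) * 1000 - System.currentTimeMillis());
        return timer.schedule(closeSocket, delayMs, TimeUnit.MILLISECONDS);
    }

    void shutdown() { timer.shutdownNow(); }

    public static void main(String[] args) throws Exception {
        // Constructed, unsigned sample token that expires 2 seconds from now.
        long exp = System.currentTimeMillis() / 1000 + 2;
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String jwt = enc.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(("{\"sub\":\"demo\",\"exp\":" + exp + "}")
                        .getBytes(StandardCharsets.UTF_8)) + ".sig";
        TokenExpiryWatchdog dog = new TokenExpiryWatchdog();
        CountDownLatch closed = new CountDownLatch(1);
        // In a JSR 356 endpoint this callback would call
        // session.close(new CloseReason(CloseCodes.VIOLATED_POLICY, "token expired")).
        dog.watch(jwt, closed::countDown);
        System.out.println(closed.await(5, TimeUnit.SECONDS)
                ? "socket closed on token expiry" : "socket still open");
        dog.shutdown();
    }
}
```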