[keycloak-user] Token Validation
Bill Burke
bburke at redhat.com
Fri Dec 11 09:28:20 EST 2015

You want to write a PHP adapter? You can either validate the token
yourself, or invoke the Keycloak REST service to validate it for you.

Keycloak tokens are JSON Web Signatures (JWS).
https://tools.ietf.org/html/rfc7515

The content of this signature is a Keycloak extension of JSON Web Token:
http://jwt.io/

We have all the standard fields, with additional ones for role mappings
and group membership depending on how you've configured the client in
the admin console.

As for CORS, this is something your PHP adapter has to handle. You can
configure the Keycloak token to embed what origins are allowed, but the
adapter has to handle setting all the appropriate headers.

BTW, we would definitely welcome a PHP adapter contribution!

On 12/11/2015 3:30 AM, Brian Thai wrote:
> Hi All,
>
> I have just started to work with Keycloak 1.7.0 and I have a PHP REST
> service that I want to write an adapter for. I have read the docs and
> the code but I don't understand how the token is validated from the REST
> service.
>
> I understand that with a JS client they would be redirected to Keycloak
> to obtain an access token which will be passed to my REST API. At that
> point I should validate the token, and I see that Keycloak provides a
> REST endpoint for validation:
> http://docs.jboss.org/keycloak/docs/1.0-rc-1/rest-api/realms/%7Brealm%7D/tokens/validate/index.html
>
> I get held up by CORS because the realm itself does not have
> configuration for setting the 'Access-Control-Allow-Origin' header. Can
> anyone point me in the right direction?
>
> Thanks,
> -Brian
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
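
The "validate the token yourself" option and the CORS handling described in the reply above, as an added PHP example (not part of the original message and not Keycloak adapter code). It assumes the realm signs tokens with RS256, that the realm's public key is available to the adapter in PEM form, and that allowed origins are carried in an `allowed-origins` claim; the function names, issuer URL and origins are hypothetical, and the key and token are constructed at run time for the demo.

```php
<?php
// Added example, not Keycloak or adapter code. Assumes RS256-signed tokens and
// a realm public key in PEM form obtained out of band (e.g. the admin console).

function b64url_decode(string $s): string {
    $raw = base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
    return $raw === false ? '' : $raw;
}

function validate_token(string $jwt, string $realmKeyPem, string $issuer, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('not a compact JWS');
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64url_decode($h64), true);
    // Pin the algorithm; never let the token pick "none" or an HMAC variant.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        throw new RuntimeException('unexpected alg');
    }
    // RFC 7515: the signature covers the ASCII bytes "<header>.<payload>".
    if (openssl_verify("$h64.$p64", b64url_decode($s64), $realmKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    $claims = json_decode(b64url_decode($p64), true);
    if (!is_array($claims)) throw new RuntimeException('payload is not a JSON object');
    if (($claims['iss'] ?? null) !== $issuer) throw new RuntimeException('wrong issuer');
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) throw new RuntimeException('expired');
    return $claims;
}

// CORS: echo the request Origin back only if the verified token lists it.
function cors_origin(array $claims, string $origin): ?string {
    $allowed = $claims['allowed-origins'] ?? [];   // claim name is an assumption
    return is_array($allowed) && in_array($origin, $allowed, true) ? $origin : null;
}

// Constructed demo: throwaway key and token so the script runs offline.
$iss  = 'https://sso.example/auth/realms/demo';
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pem  = openssl_pkey_get_details($key)['key'];
$enc  = fn(string $x) => rtrim(strtr(base64_encode($x), '+/', '-_'), '=');
$body = $enc(json_encode(['alg' => 'RS256'])) . '.' . $enc(json_encode(
    ['iss' => $iss, 'exp' => time() + 60, 'allowed-origins' => ['https://app.example']]));
openssl_sign($body, $sig, $key, OPENSSL_ALGO_SHA256);

$claims = validate_token("$body." . $enc($sig), $pem, $iss, time());
foreach (['https://app.example', 'https://other.example'] as $origin) {
    $allow = cors_origin($claims, $origin);
    echo $origin, ' => ', $allow === null ? 'no CORS header' : "Access-Control-Allow-Origin: $allow", "\n";
}
```

In a real adapter the `Origin` request header would be passed to `cors_origin()` and a non-null result sent with `header()`; role and group claims are read from the returned array only after `validate_token()` succeeds.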