[keycloak-user] keycloak 1.3.1 OpenID Connect token introspection url

Niels Bertram nielsbne at gmail.com
Mon Jun 29 11:30:51 EDT 2015


Hi there,

I am trying to configure a server side (RP) client which requires a JWT
introspection URL on the OP. I tried to find such endpoint on the KeyCloak
server without avail neither did I actually find any url of type
"introspect" in the OpenID Connect Specification.

Does anyone know if/how a OAuth2 client can validate a JWT token via a back
channel with the KeyCloak server?

The client I am trying to configure is the MITREid client as per
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Token-Introspecting-Client-Config

Looking at the code, the client will issue a post to the introspection
endpoint with some form data:

POST /auth/realms/myrealm/protocol/openid-connect/introspect HTTP/1.1
Host: localhost:8080
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded

client_id=myapp&client_secret=mysupersecret&token=eyJhbGciO[trunkated but
valid access token]

Any pointers are much appreciated.

Kind Regards,
Niels
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150630/e47e0aa2/attachment.html 


More information about the keycloak-user mailing list