[keycloak-user] Token validation in keycloak in oauth with direct access.

Marek Posolda mposolda at redhat.com
Mon Mar 2 14:38:44 EST 2015


Hi,

When you send a directAccess grant request, it returns an accessToken and a 
refreshToken. The access token is valid for a short period of time (like 5 
minutes, as you mentioned), and you can then refresh it with the refreshToken 
to get new tokens.

When you're sending a request from the "client webservice" to the "other 
webservice", you can attach the token to the request in an HTTP header like 
"Authorization: Bearer your-access-token-is-here". Then the "other 
webservice" can be protected directly by our adapter and specified as a 
"bearer only" client, or you can use RSATokenVerifier if you want to 
validate the token manually in your application (if you use the adapters, 
they will do it for you).

See our demo example application for more details.

Marek

On 27.2.2015 21:47, Emil Posmyk wrote:
> Hello all
>
> I'm trying to validate a token downloaded earlier (downloaded via an oauth 
> application with direct access) and I found RSATokenVerifier. It's 
> working, but this is only json validation and it is not checking the same 
> token from the user session which exists in memory.
>
> Is it possible to use the same token and check it with the one existing in 
> the user session (without clustering)? I want to use the same token several 
> times (for example the same token for 5 minutes). The token is sent from the 
> client webservice to the other webservice, and the last ws has to check the 
> token which is sent from the first webservice (it must make sure that the 
> token is correct - the same).
>
> I have doubts because I saw that whenever I try to authenticate with 
> direct access, the token is new but not over 5 minutes.
>
> regards
> --
> Emil Posmyk
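Added example, not part of the original thread and not Keycloak's RSATokenVerifier code: a standard-library Python sketch of the manual check discussed above, where the receiving service validates an RS256 bearer token locally (signature, issuer, expiry) without any session lookup. The key, the issuer URL and the helper names (`issue_token`, `verify_bearer`) are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed demo key from two Mersenne primes: trivially factorable, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pkcs1_encode(message):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def issue_token(claims):
    """Stand-in for the token issuer (hypothetical helper): sign claims as an RS256 JWT."""
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(pkcs1_encode(signing_input.encode()), "big"), D, N)
    return signing_input + "." + b64u(sig.to_bytes(K, "big"))

def verify_bearer(authorization, issuer, now):
    """Receiving service: return the claims of a valid token, raise ValueError otherwise."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a bearer token")
    head_b64, body_b64, sig_b64 = token.split(".")  # ValueError unless exactly 3 parts
    header, sig = json.loads(unb64u(head_b64)), unb64u(sig_b64)
    # Pin the algorithm: never let the token header select "none" or an HMAC variant.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected token header")
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        raise ValueError("bad signature length")
    expected = pkcs1_encode((head_b64 + "." + body_b64).encode())
    if not hmac.compare_digest(pow(s, E, N).to_bytes(K, "big"), expected):
        raise ValueError("signature mismatch")
    claims = json.loads(unb64u(body_b64))  # parsed only after the signature checks out
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or now >= exp or claims.get("iss") != issuer:
        raise ValueError("wrong issuer or token expired")
    return claims
```

The same token verifies on every call until `exp`, because the check is stateless. A token whose session has ended at the issuer still passes this check until it expires, which is one reason to keep access token lifetimes short.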