[keycloak-user] Token introspection

venito camelas robotirlandes at gmail.com
Tue Nov 22 08:11:29 EST 2016


Is it possible to have an app making token introspection requests for
tokens not issued for it? I'll try to explain:

Keycloak issues tokens to be used with a specific Resource server; the RS
then validates the token (either from its self-contained info or via the token
introspection endpoint). The situation is something like this:

          1                   3
   --------------- KK ---------------
   |                                |
   |                2               |
Client ---------------------------- RS

1 - Client gets token to use with RS
2 - Client uses token to make a request to RS
3 - RS makes a token introspection request


Now, I want to add a router in the middle. I'd like the router to make the
token introspection request (with the token issued for the RS) and then
allow the request to go on to the RS if everything is ok:


          1
   ---------------- KK -------------
   |                |              |
   |               3|              |
   |       2        |       4      |
Client --------- Router ---------- RS

1 - Client gets token to use with RS
2 - Client uses token to make a request to RS
3 - Router intercepts the request and validates the token (expiration and
things like that)
4 - If validation is ok, the router allows the request to go on to the RS;
the RS then validates scopes and other specific details.


Thank you
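As an added example (not part of the post above and not code from the Keycloak project): a minimal version of the router step in the second diagram, written in Python. It assumes the router is registered in Keycloak as its own confidential client and calls the realm's RFC 7662 introspection endpoint with those credentials, so the token it inspects is one issued for the RS, not for the router itself. The realm name, client ids and secret are placeholders, and the introspection responses are constructed for the example rather than captured from a server.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Hypothetical placeholder values for the example; the post gives no realm,
# client ids or secrets.
KEYCLOAK_BASE = "https://keycloak.example.com/auth"
REALM = "demo"
ROUTER_CLIENT_ID = "router"             # the router, registered as a confidential client
ROUTER_CLIENT_SECRET = "router-secret"  # placeholder; read from a secret store in practice
RS_CLIENT_ID = "resource-server"        # the client id the RS expects in the token's aud


def introspection_url(base, realm):
    """Keycloak's RFC 7662 introspection endpoint for a realm."""
    return f"{base}/realms/{realm}/protocol/openid-connect/token/introspect"


def build_introspection_request(token, client_id, client_secret, url):
    """Build the POST the router sends to Keycloak (step 3 in the second diagram).

    RFC 7662: the token goes in the form body; the caller authenticates with its
    own credentials (HTTP Basic here), not with the token being inspected.
    """
    body = urllib.parse.urlencode(
        {"token": token, "token_type_hint": "access_token"}
    ).encode()
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def evaluate_introspection(resp, expected_aud, now=None, leeway=0):
    """Router-side decision on an introspection response.

    Only the coarse checks from the post are made here (active, expiry, and that
    the token was issued for the RS); scopes are left to the RS as described.
    Returns (allowed, reason).
    """
    now = time.time() if now is None else now
    # RFC 7662: an inactive token may carry no other claims, so check this first.
    if not resp.get("active"):
        return False, "token inactive"
    exp = resp.get("exp")
    if exp is not None and now > exp + leeway:
        return False, "token expired"
    nbf = resp.get("nbf")
    if nbf is not None and now + leeway < nbf:
        return False, "token not yet valid"
    # aud may be a string or a list; require the RS to be among the audiences so
    # the router does not forward a token that was issued for some other service.
    aud = resp.get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    if expected_aud not in aud:
        return False, "audience mismatch"
    return True, "ok"


def router_check(token, send=None, now=None):
    """Full router step: introspect `token` and decide whether to forward.

    `send` lets the HTTP call be replaced (used below with a constructed
    response so the example runs offline); by default urllib is used.
    """
    req = build_introspection_request(
        token, ROUTER_CLIENT_ID, ROUTER_CLIENT_SECRET,
        introspection_url(KEYCLOAK_BASE, REALM),
    )
    if send is None:
        with urllib.request.urlopen(req) as r:
            resp = json.load(r)
    else:
        resp = send(req)
    return evaluate_introspection(resp, RS_CLIENT_ID, now=now)


# Constructed introspection responses in the RFC 7662 shape (not captured from
# a real Keycloak server).
SAMPLE_ACTIVE = {
    "active": True, "exp": 1700000600, "nbf": 0,
    "aud": ["resource-server", "account"], "scope": "profile email",
    "client_id": "frontend", "username": "alice", "token_type": "Bearer",
}
SAMPLE_INACTIVE = {"active": False}

if __name__ == "__main__":
    for label, resp in (("active", SAMPLE_ACTIVE), ("inactive", SAMPLE_INACTIVE)):
        print(label, router_check("opaque-token", send=lambda _req, r=resp: r, now=1700000000))
```

The audience check is the part that matters for the question asked: the client performing the introspection (the router) and the audience of the token (the RS) are different parties, so the router should confirm from the response that the token really was issued for the RS before forwarding, rather than treating "active" alone as sufficient.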

