[keycloak-user] Need input on KEYCLOAK-4765
John D. Ament
john.d.ament at gmail.com
Wed Apr 19 19:55:22 EDT 2017
Hi
I was wondering if others had some input for me on
https://issues.jboss.org/browse/KEYCLOAK-4765 ?
In my use case, we have parts of our app that already use the query param
"access_token". These values are not a RSA signed bearer. I've locally
modified the client adapter code to disable checking for this header, per
deployment. I'm not sure that's the right approach. Would it make more
sense to ignore invalid access_tokens in Keycloak (and make that
configurable)? Or other ideas?
John
More information about the keycloak-user
mailing list