[keycloak-user] token introspection
Lucian Ochian
okianl at yahoo.com
Tue Aug 8 12:17:54 EDT 2017
Simon,
Do you have a demo app with that? I am just curious to see a spring(boot) app with authorizations...I remember that I tried something with authorizations, and the authorization context was null(I know there are some Jira issues about it), but I still could not get it to work in 2.5.5
AuthorizationContext authzContext =
keycloakSecurityContext.getAuthorizationContext();
Thanks,Lucian
On Tuesday, August 8, 2017, 10:25:35 AM CDT, Simon Payne <simonpayne58 at gmail.com> wrote:
yes correct.
there is a definite change in behavior with the addition of the
keycloak.policy-enforcer-config.online-introspection=true flag, as without
this single line in my property file it works correctly as a bearer only
resource server. Addition of this line results in the incorrect call to
token exchange endpoint.
thanks
On Tue, Aug 8, 2017 at 3:28 PM, Bill Burke <bburke at redhat.com> wrote:
> Doesn't look like the switch is hooked up to anything. As it is, it
> looks like this switch was added for RPT validation, not access token
> validation, and not ever implemented. You just want the adapter to
> validate the access token with the auth server for bearer token
> requests, right?
>
>
> On 8/8/17 9:29 AM, Bill Burke wrote:
> > I'm looking at the code on server and I dont' see that it requires any
> > special switch to use it. The endpoint is:
> >
> > @Post
> >
> > /auth/realms/{realm}/protocol/openid-connect/token/introspect
> >
> > Takes form params.
> >
> > token
> >
> > token_type_hint (optional and defaults to "access_token")
> >
> >
> >
> >
> >
> > On 8/8/17 4:31 AM, Simon Payne wrote:
> >> after some debugging i figured that
> >> keycloak.policy-enforcer-config.online-introspection=true switched on
> this
> >> functionality, however it appears to error on a 400 after making a call
> to
> >> the /auth/realms/master/protocol/openid-connect/token endpoint.
> >>
> >> I'm assuming this is a bug?
> >>
> >> Thanks
> >>
> >>
> >>
> >> On Mon, Aug 7, 2017 at 3:10 PM, Simon Payne <simonpayne58 at gmail.com>
> wrote:
> >>
> >>> Hi All,
> >>>
> >>> I'm evaluating keycloak and i'm currently looking at token
> introspection.
> >>>
> >>> I've managed to achieve this manually, i.e. by sending a post via
> postman,
> >>> but i'm unable to figure out whether this can be achieved via the
> keycloak
> >>> adapters, specifically spring boot.
> >>>
> >>> any help in this area would be appreciated.
> >>>
> >>> thanks
> >>>
> >>> Simon.
> >>>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list