[keycloak-user] OAuth token introspection
Jason B
jason at naidmincloud.com
Thu Jan 26 23:52:23 EST 2017
Hi,
I am trying to understand the OAuth 2.0 capabilities of Keycloak server and
I have a few questions with respect to the implementation of the OAuth
introspection spec.
This is what a sample introspection response looks like:
{
  "jti": "7e0a2c4b-9725-432b-a0fd-594f21686108",
  "exp": 1485492229,
  "nbf": 0,
  "iat": 1485491929,
  "iss": "http://localhost:8080/auth/realms/nkadali",
  "aud": "proxy",
  "sub": "e89175d5-94fd-453a-8abb-9953d59d04cf",
  "typ": "Bearer",
  "azp": "proxy",
  "auth_time": 1485487408,
  "session_state": "c05ea410-6f0a-458d-9b2c-debafba732b7",
  "name": "",
  "preferred_username": "jason",
  "acr": "0",
  "client_session": "5d761332-97eb-404d-8624-3de4eca967cd",
  "allowed-origins": [],
  "realm_access": {
    "roles": [
      "uma_authorization"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "view-profile"
      ]
    }
  },
  "client_id": "proxy",
  "username": "jason",
  "active": true
}
I have two questions based on this response.
1. According to OAuth 2.0 Token Introspection (
https://tools.ietf.org/html/rfc7662), the JSON response body may contain a
"token_type" member. But why is Keycloak representing "token_type" as "typ"?
Is there any specific reason?
2. I don't see any "scope" attribute in the response body even though I
supplied the scope parameter while requesting the access token. Any idea
how to get the scopes associated with the supplied access token?
Thanks!
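
A resource-server-side check of the response quoted above against the RFC 7662 member names, as an added example that is not part of the original post and is not Keycloak's code. The function name `review_introspection`, the required scope value and the policy of refusing access when `scope` is absent are assumptions.

```python
import json
import time

# Response members defined by RFC 7662 section 2.2 ("active" is the only required one).
RFC7662_MEMBERS = {"active", "scope", "client_id", "username", "token_type",
                   "exp", "iat", "nbf", "sub", "aud", "iss", "jti"}

# Constructed sample: a trimmed copy of the response quoted in the message above.
SAMPLE = json.loads("""{
  "jti": "7e0a2c4b-9725-432b-a0fd-594f21686108",
  "exp": 1485492229, "nbf": 0, "iat": 1485491929,
  "iss": "http://localhost:8080/auth/realms/nkadali",
  "aud": "proxy", "sub": "e89175d5-94fd-453a-8abb-9953d59d04cf",
  "typ": "Bearer", "azp": "proxy",
  "realm_access": {"roles": ["uma_authorization"]},
  "client_id": "proxy", "username": "jason", "active": true
}""")


def review_introspection(resp, required_scope, now=None):
    """Return (allowed, report) for one introspection response (hypothetical helper)."""
    now = time.time() if now is None else now
    keys = set(resp)
    report = {
        # RFC 7662 members the server did not send (all but "active" are optional).
        "missing_rfc_members": sorted(RFC7662_MEMBERS - keys),
        # Members outside the RFC's list, such as "typ" in the sample.
        "extension_members": sorted(keys - RFC7662_MEMBERS),
    }
    # Only a literal JSON true counts as active; anything else is rejected.
    if resp.get("active") is not True:
        return False, {**report, "reason": "token not active"}
    exp = resp.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        return False, {**report, "reason": "token expired"}
    # "scope" is a space-separated string in RFC 7662. Assumed policy: if it
    # is absent, no scope can be proven, so the request is refused.
    scope = resp.get("scope", "")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    if required_scope not in granted:
        return False, {**report, "reason": "required scope not present"}
    return True, {**report, "reason": "ok"}
```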