[keycloak-user] Access token customization per client

GESLIN Fabrice fabrice.geslin-prestataire at laposte.fr
Wed Jun 19 07:31:24 EDT 2019


Hi,

Thanks for the quick answer.

This is mainly for security purpose.

I will follow the advice and contact Takashi and Marek

Regards,

Fabrice Geslin

-----Message d'origine-----
De : Dmitry Telegin [mailto:demetrio at carretti.pro] 
Envoyé : mercredi 19 juin 2019 13:25
À : GESLIN Fabrice <fabrice.geslin-prestataire at laposte.fr>; keycloak-user at lists.jboss.org
Objet : Re: [keycloak-user] Access token customization per client

Hello Fabrice,

Just wondering if you want this feature to minimize token size, or rather for security purposes? If latter, just FYI, there's an ongoing effort to implement encrypted tokens [1].

At the moment, there are plans to do encrypted ID tokens only, but you can approach Takashi and Marek and discuss if that could be applied to access tokens too.

[1] https://github.com/keycloak/keycloak/pull/5779

Good luck,
Dmitry Telegin

Carretti Consulting OÜ | Keycloak Consulting and Training Sepapaja 6, Tallinn 15551, Estonia | info at carretti.pro

On Wed, 2019-06-19 at 08:00 +0000, GESLIN Fabrice wrote:
> Hi,
> 
> Is there a way to customize the content of the access token that is delivered to client applications ?
> 
> This question is an attempt to revive this old thread: https://lists.jboss.org/pipermail/keycloak-user/2016-February/004784.html .
> 
> The idea is to deliver basic JWT access tokens to public clients.
> This token can be exchanged later on at the resource server level with a full-fledged JWT.
> 
> Regards,
> 
> Fabrice Geslin
> 
> Groupe La Poste
> 
> Post-scriptum La Poste
> 
> Ce message est confidentiel. Sous reserve de tout accord conclu par 
> ecrit entre vous et La Poste, son contenu ne represente en aucun cas 
> un engagement de la part de La Poste. Toute publication, utilisation ou diffusion, meme partielle, doit etre autorisee prealablement. Si vous n'etes pas destinataire de ce message, merci d'en avertir immediatement l'expediteur.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


Post-scriptum La Poste

Ce message est confidentiel. Sous reserve de tout accord conclu par
ecrit entre vous et La Poste, son contenu ne represente en aucun cas un
engagement de la part de La Poste. Toute publication, utilisation ou
diffusion, meme partielle, doit etre autorisee prealablement. Si vous
n'etes pas destinataire de ce message, merci d'en avertir immediatement l'expediteur.



More information about the keycloak-user mailing list