[keycloak-user] Access token customization per client
GESLIN Fabrice
fabrice.geslin-prestataire at laposte.fr
Wed Jun 19 07:31:24 EDT 2019
Hi,
Thanks for the quick answer.
This is mainly for security purpose.
I will follow the advice and contact Takashi and Marek
Regards,
Fabrice Geslin
-----Message d'origine-----
De : Dmitry Telegin [mailto:demetrio at carretti.pro]
Envoyé : mercredi 19 juin 2019 13:25
À : GESLIN Fabrice <fabrice.geslin-prestataire at laposte.fr>; keycloak-user at lists.jboss.org
Objet : Re: [keycloak-user] Access token customization per client
Hello Fabrice,
Just wondering if you want this feature to minimize token size, or rather for security purposes? If latter, just FYI, there's an ongoing effort to implement encrypted tokens [1].
At the moment, there are plans to do encrypted ID tokens only, but you can approach Takashi and Marek and discuss if that could be applied to access tokens too.
[1] https://github.com/keycloak/keycloak/pull/5779
Good luck,
Dmitry Telegin
Carretti Consulting OÜ | Keycloak Consulting and Training Sepapaja 6, Tallinn 15551, Estonia | info at carretti.pro
On Wed, 2019-06-19 at 08:00 +0000, GESLIN Fabrice wrote:
> Hi,
>
> Is there a way to customize the content of the access token that is delivered to client applications ?
>
> This question is an attempt to revive this old thread: https://lists.jboss.org/pipermail/keycloak-user/2016-February/004784.html .
>
> The idea is to deliver basic JWT access tokens to public clients.
> This token can be exchanged later on at the resource server level with a full-fledged JWT.
>
> Regards,
>
> Fabrice Geslin
>
> Groupe La Poste
>
> Post-scriptum La Poste
>
> Ce message est confidentiel. Sous reserve de tout accord conclu par
> ecrit entre vous et La Poste, son contenu ne represente en aucun cas
> un engagement de la part de La Poste. Toute publication, utilisation ou diffusion, meme partielle, doit etre autorisee prealablement. Si vous n'etes pas destinataire de ce message, merci d'en avertir immediatement l'expediteur.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
Post-scriptum La Poste
Ce message est confidentiel. Sous reserve de tout accord conclu par
ecrit entre vous et La Poste, son contenu ne represente en aucun cas un
engagement de la part de La Poste. Toute publication, utilisation ou
diffusion, meme partielle, doit etre autorisee prealablement. Si vous
n'etes pas destinataire de ce message, merci d'en avertir immediatement l'expediteur.
More information about the keycloak-user
mailing list