Task
Resolution: Done
Major
We are using the keycloak-core library to parse access tokens, refresh tokens, and JWKS. When parsing access tokens, the library assumes the types of standard claims according to OAuth 2.0 / OIDC 1.0 and the associated spec drafts. Some of those drafts have not been finalised and are implemented differently (incompatibly) by different authorization server implementations.
We need to either find a way to ignore such incompatibilities during token parsing (possibly through patches to the keycloak-core library) or switch to a different library altogether that would allow this.
- is related to ENTMQST-2802 [DOC OCP] Document OAuth improvements for 1.8 (Closed)