Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-1733

Adapters: support for authentication with bearer token sent in query param (or POST body)

    XMLWordPrintable

Details

    • Feature Request
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Done
    • 1.4.0.Final
    • 2.1.0.CR1
    • Adapter - JEE
    • None

    Description

      The specs is here http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html#query-param . We may need to add support for 2.2 and 2.3 .

      It might be useful for the scenarios like websockets, as javascript WebSockets doesn't seem to have a way to attach "Authorization: Bearer" header - http://stackoverflow.com/questions/4361173/http-headers-in-websockets-client-api .

      Not sure if it should be enabled by default or just on demand (There are some security implications for sending token in query param. See the specs). Maybe we can support authentication through token in query parameter just for HTTP Upgrade requests.

      Attachments

        Activity

          People

            Unassigned Unassigned
            mposolda@redhat.com Marek Posolda
            Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: