Evaluate ID-Token and UserInfo-Endpoint

658 views
Skip to first unread message

Fesenmeyer Daniel (IOC/PAU2)

unread,
Mar 1, 2021, 8:54:26 AM3/1/21
to keyclo...@googlegroups.com

Hello Keycloak Developers,

 

One of our customers uses the “Evaluate” functionality of the “Client Scopes” tab in order to test Access Tokens.

But in addition to testing Access Tokens, he also likes to test ID tokens and the UserInfo-Endpoint.

 

We have not found such functionality in Keycloak, neither in the UI nor in the API. We also had a look into the Keycloak tickets (https://issues.redhat.com/projects/KEYCLOAK), but did not find a ticket on this topic.

 

Our customer suggests to add two additional tabs “Generated ID Token” and “Generated User Info” right of the already existing “Generated Access Token” tab.

These tabs would get their data from additional REST endpoints similar to the already existing endpoint for access token testing (GET /{realm}/clients/{id}/evaluate-scopes/generate-example-access-token):

·         GET /{realm}/clients/{id}/evaluate-scopes/generate-example-id-token

·         GET /{realm}/clients/{id}/evaluate-scopes/generate-example-userinfo

 

What do you think about such a feature?

We would be happy to create a feature request ticket and provide a corresponding PR.

 

Mit freundlichen Grüßen / Best regards

Daniel Fesenmeyer

Bosch IoT Permissions - Product Area User Management (IOC/PAU-PM)
Bosch.IO GmbH | Ziegelei 7 | 88090 Immenstaad | GERMANY | www.bosch.io
Tel. +49 7545 202-360 | Telefax +49 7545 202-301 | Daniel.F...@bosch.io

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Dr. Aleksandar Mitrovic, Yvonne Reckling

Thomas Darimont

unread,
Mar 1, 2021, 9:58:43 AM3/1/21
to Fesenmeyer Daniel (IOC/PAU2), keyclo...@googlegroups.com
Hello Daniel, 

sounds good to me. I often use the access-token preview feature from the admin-console in combination with my own admin-ui for ID token / userinfo preview as you described.
Having this support directly in the admin-console would make demos and quick claim mapping tests much easier.

Cheers,
Thomas

--
You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/6549f3f8fbdc47e781ad7f5be65028ce%40bosch.io.

Fesenmeyer Daniel (IOC/PAU2)

unread,
Mar 2, 2021, 8:57:15 AM3/2/21
to Thomas Darimont, keyclo...@googlegroups.com

Hello all,

 

I’ve created a ticket now: https://issues.redhat.com/browse/KEYCLOAK-17284

We will start working on a PR in the next days.

 

Mit freundlichen Grüßen / Best regards

Daniel Fesenmeyer

Bosch IoT Permissions - Product Area User Management (IOC/PAU-PM)
Bosch.IO GmbH | Ziegelei 7 | 88090 Immenstaad | GERMANY | www.bosch.io
Tel. +49 7545 202-360 | Telefax +49 7545 202-301 | Daniel.F...@bosch.io

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Dr. Aleksandar Mitrovic, Yvonne Reckling

Fesenmeyer Daniel (IOC/PAU2)

unread,
Mar 18, 2021, 6:01:41 AM3/18/21
to keyclo...@googlegroups.com, Thomas Darimont, Leistert Christoph (IOC/PAU2)

Hello all,

 

We have implemented a PR for the described feature request:

https://github.com/keycloak/keycloak/pull/7865

 

We look forward to receive your feedback.

 

 

Mit freundlichen Grüßen / Best regards

Daniel Fesenmeyer

Bosch IoT Permissions - Product Area User Management (IOC/PAU-PM)
Bosch.IO GmbH | Ziegelei 7 | 88090 Immenstaad | GERMANY | www.bosch.io
Tel. +49 7545 202-360 | Telefax +49 7545 202-301 | Daniel.F...@bosch.io

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Dr. Aleksandar Mitrovic, Yvonne Reckling

From: Fesenmeyer Daniel (IOC/PAU2)
Sent: Dienstag, 2. März 2021 14:57
To: 'Thomas Darimont' <thomas....@googlemail.com>; keyclo...@googlegroups.com
Subject: AW: [keycloak-dev] Evaluate ID-Token and UserInfo-Endpoint

 

Hello all,

 

I’ve created a ticket now: https://issues.redhat.com/browse/KEYCLOAK-17284

We will start working on a PR in the next days.

 

Mit freundlichen Grüßen / Best regards

Daniel Fesenmeyer


Bosch IoT Permissions - Product Area User Management (IOC/PAU-PM)
Bosch.IO GmbH | Ziegelei 7 | 88090 Immenstaad | GERMANY |


Tel. +49 7545 202-360 | Telefax +49 7545 202-301 | Daniel.F...@bosch.io

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Dr. Aleksandar Mitrovic, Yvonne Reckling

Von: Thomas Darimont <thomas....@googlemail.com>
Gesendet: Montag, 1. März 2021 15:58


An: Fesenmeyer Daniel (IOC/PAU2) <Daniel.F...@bosch.io>
Cc: keyclo...@googlegroups.com
Betreff: Re: [keycloak-dev] Evaluate ID-Token and UserInfo-Endpoint

 

Hello Daniel, 

Reply all
Reply to author
Forward
0 new messages