Introspect token and get different userInfo


Skander

Sep 10, 2021, 1:26:00 PM
to Keycloak User
Hi,

I have two clients, the frontend is a public client, the backend is a bearer only client.
Is it possible to verify the token from the frontend and get more private attributes from userInfo that the frontend cannot see?
Those attributes are created by an Admin REST API client and I don't want them to be seen by the public client.

Thank you

piyush bakde

Sep 11, 2021, 3:20:39 AM
to Keycloak User
Hello,
I am Piyush, I am new to this open-source community and want to start with a contribution to open source.
Can anyone guide me with project installation and how to set it up on the local machine?
I went through the readme file and every detail of this project on GitHub, but personally I feel I should ask another member of the community so they can provide me a better guide to deal with it.

So what should I do after I cloned the project to my folder?

Martin Harm

Sep 12, 2021, 4:47:04 AM
to Keycloak User
Hi,

Yes, you can validate a token in the backend. That's what tokens are for.
And yes, you can pass an access token from the frontend to the backend, which then can use this token to call the userinfo endpoint to get more information.
BUT of course the frontend can call the userinfo with that token directly. So the extra information is not protected from the frontend.
Regards, Martin