Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-6871

Make sending a request object mandatory for certain clients

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      I have a use case where the server must accept authorization requests only when they contain a signed request object (should be configurable per client).
      The server must only accept a request object entered by value, and not by reference.

      I have implemented a way to configure if a client:

      • doesn't need to provide a request object
      • needs to provide a request object in either the 'request' or the 'request_uri' param
      • needs to provide a request in the 'request' param
      • needs to provide a request in the 'request_uri' param

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                aronbustya Áron Bustya
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: