Skip to content
This repository has been archived by the owner on Dec 7, 2020. It is now read-only.

Support token exchange in gatekeeper #547

Open
abstractj opened this issue Apr 28, 2020 · 2 comments
Open

Support token exchange in gatekeeper #547

abstractj opened this issue Apr 28, 2020 · 2 comments
Labels
kind/feature request triage

Comments

@abstractj
Copy link

What:

h3. What

Add support for token exchange to keycloak-gatekeeper (described [here|https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange]).

h3. Why

Currently gatekeeper rejects requests if the provided token does not contain the right audience. Since keycloak supports token exchange for changing/downgrading the current bearer token gatekeeper could try to change the token to the right audience. In this way gatekeeper could transparently support the described use cases of token exchange (for example internal token to internal token) for the requester.
If required the feature could be activated by configuration.

Reference:
@a1tan
Copy link

a1tan commented Sep 24, 2020

Is there an improvement on this feature?

@abstractj
Copy link
Author

@a1tan please check #683

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/feature request triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@abstractj @a1tan