Unik6065
Reputation: 103
Does omniauth actually verify the token
I am currently trying to create a web app using Ruby on Rails and Keycloak as my authentication server. I would like also to use it as authorisation server with app roles.
So I found that my best bet would be to use omniauth gem with Keycloak strategy but here is my question: I have to trust the roles within the tokens, so does omniauth already check the token signature or do I have to check it by myself?
Or did I misunderstood something about jwt and openID
Upvotes: 1
Views: 148
Answers (0)
Related Questions
- Understanding the Rails Authenticity Token
- Generate JWT Token in Keycloak and get public key to verify the JWT token on a third party platform
- What's the difference between OpenID and OAuth?
- Obtain ID token from Keycloak on Ruby on Rails with Omniauth to implement logout
- Latest omniauth-facebook gem breaks devise
- Accessing the Google DFP API with a OmniAuth refresh token
- omniauth with linkedin
- How to use http authentication in devise with an optional omniauth token as the authentication token