Unik6065
Unik6065

Reputation: 103

Does omniauth actually verify the token

I am currently trying to create a web app using Ruby on Rails and Keycloak as my authentication server. I would like also to use it as authorisation server with app roles.

So I found that my best bet would be to use omniauth gem with Keycloak strategy but here is my question: I have to trust the roles within the tokens, so does omniauth already check the token signature or do I have to check it by myself?

Or did I misunderstood something about jwt and openID

Upvotes: 1

Views: 148

Answers (0)

Related Questions