Hey all!
I’m trying to implement parts of the OpenID Federations Spec (OpenID Federation 1.0 - draft 32) as a Keycloak extension.
One piece of it is an exposed well-known document, which is a signed JWS at the url <issuer>/.well-known/openid-federation
.
Example: https://example.com/auth/realms/master/.well-known/openid-federation
.
The problem so far is, that I can’t do this as a RealmResource due to the additional path segment the provider ID adds. Abusing the WellKnownProvider also does not work as it enforces the response to be of type application/json
.
Is there another solution to achieve this? Or should we consider another approach?