Compliant with RFC8414, return server metadata at /.well-known/oauth-authorization-server/realms/{realm} #40923

@hrttthr

Description

Keycloak does not support RFC8414, and the .well-known endpoint that returns server metadata has the following format:

https://keycloak.example.com/realms/{realm}/.well-known/oauth-authorization-server

RFC8414 specifies the following format:

https://keycloak.example.com/.well-known/oauth-authorization-server/realms/{realm}

It would be better to add a feature that supports well-known endpoints in RFC8414 format while maintaining backward compatibility.

Discussion

#40809

Motivation

It is better to comply with RFC8414 to support specifications such as OpenID4VCI.

Details

For classes that accept realms/{realm}/.well-known/ and return metadata, how about accepting /.well-known/realms/{realm} as well?
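
The two URL layouts compared above, from a client's point of view, as an added example (not Keycloak code and not part of the original issue). It derives the RFC 8414 metadata URL and the realm-suffixed URL from an issuer identifier, and applies the RFC 8414 section 3.3 check that the returned `issuer` is identical to the one the URL was built from. The realm name `demo` and all function names are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

WELL_KNOWN = "/.well-known/oauth-authorization-server"


def _checked_issuer(issuer: str):
    # RFC 8414 section 2: the issuer is an https URL without query or fragment.
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("issuer must be an https URL with a host")
    if parts.query or parts.fragment:
        raise ValueError("issuer must not contain a query or fragment")
    return parts


def rfc8414_metadata_url(issuer: str) -> str:
    # RFC 8414 section 3: the well-known string goes between host and path.
    parts = _checked_issuer(issuer)
    path = parts.path.rstrip("/")  # a terminating "/" is dropped before inserting
    return urlunsplit((parts.scheme, parts.netloc, WELL_KNOWN + path, "", ""))


def realm_suffixed_metadata_url(issuer: str) -> str:
    # Layout the issue describes for Keycloak: well-known string after the realm path.
    parts = _checked_issuer(issuer)
    path = parts.path.rstrip("/") + WELL_KNOWN
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def candidate_urls(issuer: str) -> list:
    # Try the RFC 8414 location first, then the realm-suffixed one for compatibility.
    return [rfc8414_metadata_url(issuer), realm_suffixed_metadata_url(issuer)]


def issuer_matches(expected_issuer: str, metadata: dict) -> bool:
    # RFC 8414 section 3.3: exact string comparison, no normalisation.
    # Accepting a different issuer lets one server's metadata stand in for another's.
    return metadata.get("issuer") == expected_issuer


if __name__ == "__main__":
    issuer = "https://keycloak.example.com/realms/demo"  # constructed sample
    for url in candidate_urls(issuer):
        print(url)
    print(issuer_matches(issuer, {"issuer": issuer}))
```
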
