[aerogear-dev] Direct access to UnifiedPush Server's REST without OAuth
Bruno Oliveira
bruno at abstractj.org
Thu Jun 5 08:08:46 EDT 2014
On 2014-06-05, Matthias Wessendorf wrote:
> On Wed, Jun 4, 2014 at 6:18 PM, Tadeas Kriz <tkriz at redhat.com> wrote:
>
> > Hey guys,
> >
> > as you might know, in the integration tests we only test the REST backend,
> > making sure it works as intended. Before Keycloak, every action was
> > achievable using the REST, that included login, logout and user management.
> > We don’t need the user management for sure, but login and logout is an
> > another story. Now with Keycloak anyone who wants to just use REST calls,
> > still need to login using the Keycloak.
> >
> > My question is, do we want users to be able to access the REST without
> > OAuth? If we do, it would probably mean we need to have two Keycloak
> > applications,
>
>
> What do you mean here? Are you suggestion two WAR files (for each 'keycloak
> application') ? Or just more a declarative setup?
I think what Tadeas means is pretty much in the context of KC
configuration file
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/testrealm.json#L90
>
>
> > one for the UI which would still use OAuth and second one for REST calls
> > which would use Bearer only. This would also mean that when someone makes a
> > REST call to an endpoint without being authorized, he would receive 401
> > response, instead of 302 redirect (before Keycloak, the response was 401 in
> > case of unauthorized access).
> >
>
> yeah, I think the RESTful APIs behind the 'AdminUI' for the
> 'application/variant management' should continue to work. (I doubt there is
> much usage of those outside of the AdminUI)
As far as I can tell if that is really required, we need to include a
public client for REST.
>
>
> > What do you think?
> >
> > —
> > Tadeas Kriz
> >
> >
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
More information about the aerogear-dev
mailing list