<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 4, 2014 at 6:18 PM, Tadeas Kriz <span dir="ltr"><<a href="mailto:tkriz@redhat.com" target="_blank">tkriz@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hey guys,<br>
<br>
as you might know, in the integration tests we only test the REST backend, making sure it works as intended. Before Keycloak, every action was achievable using the REST, that included login, logout and user management. We don’t need the user management for sure, but login and logout is an another story. Now with Keycloak anyone who wants to just use REST calls, still need to login using the Keycloak.<br>
<br>
My question is, do we want users to be able to access the REST without OAuth? If we do, it would probably mean we need to have two Keycloak applications,</blockquote><div><br></div><div>What do you mean here? Are you suggestion two WAR files (for each 'keycloak application') ? Or just more a declarative setup? </div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> one for the UI which would still use OAuth and second one for REST calls which would use Bearer only. This would also mean that when someone makes a REST call to an endpoint without being authorized, he would receive 401 response, instead of 302 redirect (before Keycloak, the response was 401 in case of unauthorized access).<br>
</blockquote><div><br></div><div>yeah, I think the RESTful APIs behind the 'AdminUI' for the 'application/variant management' should continue to work. (I doubt there is much usage of those outside of the AdminUI)</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
What do you think?<br>
<br>
—<br>
<span class="HOEnZb"><font color="#888888">Tadeas Kriz<br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>