[Apiman-user] Keycloak OAuth2 policy: Get bearer token for logged in user without using username/password

Ton Swieb ton at finalist.nl
Tue Dec 8 10:28:18 EST 2015


Hi,

I would like to secure my APIs using the Keycloak OAuth2 policy.
Similar to what is described in the blog post of Marc Savy:
http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html

Only with the difference that Keycloak delegates the login to a third party
IdP. After logging in at this third party IdP I end up with an active
session in the Apiman UI (the apiman realm of Keycloak).

Now I am wondering how to get the bearer token, because I do not have a
username/password combination I can use to make a call like:

curl -X POST http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=rincewind" -d 'password=apiman' -d 'grant_type=password' \
  -d 'client_id=apiman'

Because the username/password combination is linked to the third party IdP
and not to Keycloak itself.

Is there another way to obtain the bearer token?

Perhaps this is a question which I should address at the Keycloak
mailing list. I will try to ask the question there as well.

Regards,

Ton