[keycloak-dev] Allow bearer-only clients to have service accounts

Stian Thorgersen sthorger at redhat.com
Thu Jan 5 02:36:38 EST 2017


Added https://issues.jboss.org/browse/KEYCLOAK-4156

On 4 January 2017 at 17:49, Pedro Igor <psilva at redhat.com> wrote:

> Yeah, it was there since day 0 if you look at the git history.
>
> On 1/4/2017 12:23:42 PM, Stian Thorgersen <sthorger at redhat.com> wrote:
>
>
> On 4 January 2017 at 14:56, Pedro Igor <psilva at redhat.com> wrote:
>
>> +1. Besides, there is a very clear if statement on the token endpoint
>> that blocks any attempt from bearer-only clients to obtain tokens.
>>
>
> FYI, that if statement was added before we did service accounts / client
> credential grants.
>
>
>> On 1/4/2017 3:47:48 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
>> Currently a bearer-only client can't have a service account, and that
>> seems like a mistake. Further, this prevents bearer-only clients from
>> using the authorization services.
>>
>> Are there any good reasons why bearer-only clients can't have service
>> accounts and be able to obtain a token using the client credential grant?
>>
>> The only thing a bearer-only client should be prevented from doing, IMO, is
>> authenticating users (authorization code flow and resource owner credential
>> grant).
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>
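The policy change the thread argues for, as an added example that is not Keycloak's code and does not reproduce the token endpoint check Pedro refers to. It models two decision rules over constructed client records: the legacy rule, where a bearer-only client is refused every grant, and the proposed rule, where bearer-only only refuses the grants that authenticate a user (authorization code and resource owner password), so a client_credentials request is governed by the service-account switch alone. The `Client` class, the client ids and the `evaluate`/`changed_outcomes` helpers are assumptions made for the example.

```python
from __future__ import annotations

from dataclasses import dataclass

# OAuth 2.0 grant types that authenticate a user. The thread's position is
# that these are the only grants a bearer-only client must be refused.
USER_AUTH_GRANTS = frozenset({"authorization_code", "password"})


@dataclass(frozen=True)
class Client:
    """Constructed stand-in for a client record (not Keycloak's model)."""
    client_id: str
    bearer_only: bool
    service_account_enabled: bool


def legacy_decision(client: Client, grant_type: str) -> tuple[bool, str]:
    """Legacy rule described in the thread: one check on the token endpoint
    refuses every token request coming from a bearer-only client."""
    if client.bearer_only:
        return False, "bearer-only clients are not allowed to obtain tokens"
    if grant_type == "client_credentials" and not client.service_account_enabled:
        return False, "service account is not enabled for this client"
    return True, "ok"


def proposed_decision(client: Client, grant_type: str) -> tuple[bool, str]:
    """Proposed rule: bearer-only blocks only the user-authenticating grants;
    client_credentials depends on the service-account switch alone."""
    if grant_type in USER_AUTH_GRANTS and client.bearer_only:
        return False, "bearer-only clients may not authenticate users"
    if grant_type == "client_credentials" and not client.service_account_enabled:
        return False, "service account is not enabled for this client"
    return True, "ok"


# Constructed sample clients (hypothetical ids) and token requests.
CLIENTS = {
    "webapp": Client("webapp", bearer_only=False, service_account_enabled=False),
    "api-bearer": Client("api-bearer", bearer_only=True, service_account_enabled=True),
    "api-bearer-nosa": Client("api-bearer-nosa", bearer_only=True, service_account_enabled=False),
}

REQUESTS = [
    ("webapp", "authorization_code"),
    ("api-bearer", "authorization_code"),
    ("api-bearer", "password"),
    ("api-bearer", "client_credentials"),
    ("api-bearer-nosa", "client_credentials"),
]


def evaluate(policy, requests=REQUESTS, clients=CLIENTS) -> dict[tuple[str, str], bool]:
    """Run each (client_id, grant_type) request through a policy function and
    return which requests it allows."""
    return {(cid, gt): policy(clients[cid], gt)[0] for cid, gt in requests}


def changed_outcomes() -> list[tuple[str, str]]:
    """Requests whose outcome differs between the legacy and proposed rules:
    the only one is the bearer-only service account asking for
    client_credentials, which the proposal allows and the legacy rule refuses."""
    legacy = evaluate(legacy_decision)
    proposed = evaluate(proposed_decision)
    return [req for req in REQUESTS if legacy[req] != proposed[req]]


if __name__ == "__main__":
    for cid, gt in REQUESTS:
        print(f"{cid:16} {gt:19} legacy={legacy_decision(CLIENTS[cid], gt)} "
              f"proposed={proposed_decision(CLIENTS[cid], gt)}")
    print("differs:", changed_outcomes())
```

Running the block prints one line per request under both rules; the user-authenticating grants stay refused for bearer-only clients under both, and only the client_credentials request from the bearer-only client with a service account changes from refused to allowed.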