[keycloak-user] REST API security

Nils Preusker n.preusker at gmail.com
Mon Apr 14 12:14:33 EDT 2014 

Hi Bill,

ok, so 4.3 seems to be the way to go for us. Did I understand you correctly
that keycloak will continue to support this?

Cheers,
Nils


On Mon, Apr 14, 2014 at 4:39 PM, Bill Burke <bburke at redhat.com> wrote:

> You could use section 4.1 (Auth code grant) or 4.3 (Resource Owner
> Password Credentials Grant) with any OAuth library.  4.1 will require a
> browser.  4.3 doesn't.
>
> We will always support OAuth 2.0 through OpenID Connect.
>
> On 4/14/2014 10:34 AM, Nils Preusker wrote:
> > Hi Bill,
> >
> > I'm familiar with the examples, however I'm looking for a way to grant
> > third-party clients access to my API. Since they could be written in a
> > variety of languages, I'd like them to be able to obtain a token in a
> > defined way without being dependent on Keycloak.
> >
> > I suppose the approach Marek mentioned (OAuth spec section 4.3) should
> > do the trick though (as long as you are planning to continue supporting
> it).
> >
> > Cheers,
> > Nils
> >
> >
> > On Mon, Apr 14, 2014 at 3:32 PM, Bill Burke <bburke at redhat.com
> > <mailto:bburke at redhat.com>> wrote:
> >
> >     Bearer token security.  Take a look at the examples, specifically the
> >     database-service.  This is a pure REST service secured by keyloak.
> >
> >     At the moment, we only have support for JBoss/Wildfly, but it
> wouldn't
> >     take much to write an adapter for another java environment.
> >
> >     On 4/12/2014 1:09 PM, Nils Preusker wrote:
> >      > Hi all,
> >      >
> >      > I'm trying to figure out how I could use keycloak to secure a
> >     REST API
> >      > that is used bu a pure backend REST client. Do you have any
> >      > recommendations for that (i.e. API keys)?
> >      >
> >      > Cheers,
> >      > Nils
> >      >
> >      >
> >      > _______________________________________________
> >      > keycloak-user mailing list
> >      > keycloak-user at lists.jboss.org <mailto:
> keycloak-user at lists.jboss.org>
> >      > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >      >
> >
> >     --
> >     Bill Burke
> >     JBoss, a division of Red Hat
> >     http://bill.burkecentral.com
> >     _______________________________________________
> >     keycloak-user mailing list
> >     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> >     https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140414/a75ff201/attachment.html

More information about the keycloak-user mailing list