[keycloak-user] Direct Access Grants & 'Client Credentials' OAuth2 grant type

Schneider, John DODGE CONSULTING SERVICES, LLC John.Schneider at carrier.utc.com
Tue Aug 12 11:40:49 EDT 2014


Hi everyone,

I've been evaluating the "Direct Access Grants" functionality of Keycloak.  Overall, I think I can make it work for my use cases, but I do have a couple of concerns.

Chapter 12 of the documentation compares Keycloak's Direct Access Grants functionality to OAuth2's "Resource Owner Password Credentials Grant."  However, if I understand the specification correctly, this grant type is only for using the resource owner's credentials.  What if we can't authorize using the resource owner credentials, but need to authorize the client itself using the client id and secret alone?  For this, we need support for the "Client Credentials Grant".  Is this planned for Keycloak 1.0?

By adding the required "grant_type" parameter to the "tokens/grants/access" service endpoint, it seems like both the "password" and "client_credentials" could be supported, with the "client_credentials" grant type simply not requiring the username and password form parameters in the POST. Thoughts on this?

Thanks,
John
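As an added illustration of the proposal in the post (example code, not Keycloak's own token endpoint), the following sketch shows a single token handler that dispatches on the `grant_type` form parameter: `password` requires client authentication plus the resource owner's username and password, while `client_credentials` authenticates the client by `client_id` and `client_secret` alone and issues a token that represents the client itself. The client and user registries, the `sub` field in the response and the token format are constructed for this example; the error codes follow RFC 6749 section 5.2.

```python
"""Illustrative token endpoint that dispatches on OAuth2 grant_type.

Added example, not Keycloak code. It models the proposal in the post:
one endpoint accepts both grant_type=password (resource owner credentials
plus client authentication) and grant_type=client_credentials (client id
and secret only). Registries, token format and the "sub" field are
constructed for this example; error codes follow RFC 6749 section 5.2.
"""
import hashlib
import hmac
import secrets

# Constructed registries; a real server would back these with a database
# and store hashed client secrets. Each client lists the grants it may use.
CLIENTS = {
    "reporting-service": {"secret": "s3cr3t-client", "grants": {"client_credentials"}},
    "mobile-app": {"secret": "m0bile-secret", "grants": {"password"}},
}
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def _authenticate_client(form):
    """Return the client record if client_id/client_secret match, else None."""
    client = CLIENTS.get(form.get("client_id", ""))
    if client is None:
        return None
    # Constant-time comparison so a wrong secret is not distinguishable by timing.
    if not hmac.compare_digest(client["secret"], form.get("client_secret", "")):
        return None
    return client


def _authenticate_user(form):
    """Check the resource owner's username/password against the user store."""
    stored = USERS.get(form.get("username", ""))
    if stored is None:
        return False
    presented = hashlib.sha256(form.get("password", "").encode()).hexdigest()
    return hmac.compare_digest(stored, presented)


def handle_token_request(form):
    """Handle one form-encoded POST to the token endpoint.

    Returns an RFC 6749 style token response dict, or an error dict with an
    "error" key, depending on grant_type and the supplied credentials.
    """
    grant_type = form.get("grant_type")
    if grant_type is None:
        return {"error": "invalid_request",
                "error_description": "grant_type is required"}
    if grant_type not in ("password", "client_credentials"):
        return {"error": "unsupported_grant_type"}

    # Both grants authenticate the client first; only the password grant
    # additionally needs the resource owner's credentials.
    client = _authenticate_client(form)
    if client is None:
        return {"error": "invalid_client"}
    if grant_type not in client["grants"]:
        return {"error": "unauthorized_client"}

    if grant_type == "password":
        if "username" not in form or "password" not in form:
            return {"error": "invalid_request",
                    "error_description": "username and password are required"}
        if not _authenticate_user(form):
            return {"error": "invalid_grant"}
        subject = form["username"]
    else:
        # client_credentials: the token represents the client itself, no user.
        subject = form["client_id"]

    return {
        "access_token": secrets.token_urlsafe(32),
        "token_type": "bearer",
        "expires_in": 300,
        "sub": subject,  # constructed extension field so callers can see who the token is for
    }


if __name__ == "__main__":
    print(handle_token_request({"grant_type": "client_credentials",
                                "client_id": "reporting-service",
                                "client_secret": "s3cr3t-client"}))
    print(handle_token_request({"grant_type": "password",
                                "client_id": "mobile-app",
                                "client_secret": "m0bile-secret",
                                "username": "alice",
                                "password": "correct horse"}))
```

The per-client `grants` set is the check worth keeping in any real implementation: a client that exists only to act on a user's behalf should not be able to obtain a client-scoped token by switching grant types, and a service client should not be able to pass through user credentials.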