[keycloak-user] Direct Access Grants & 'Client Credentials' OAuth2 grant type
Bill Burke
bburke at redhat.com
Tue Aug 12 12:13:21 EDT 2014
Right now we require you to create a user and give permissions to that
user. Not sure if we'll add client credentials grant as it would
require having role mappings for clients and applications.
On 8/12/2014 11:40 AM, Schneider, John DODGE CONSULTING SERVICES, LLC wrote:
> Hi everyone,
>
> I’ve been evaluating the “Direct Access Grants” functionality of
> Keycloak. Overall, I think I can make it work for my use cases, but I
> do have a couple of concerns.
>
> Chapter 12 of the documentation compares Keycloak’s Direct Access Grants
> functionality to OAuth2’s “Resource Owner Password Credentials Grant.”
> However, if I understand the specification correctly, this grant type is
> only for using the resource owner’s credentials. What if we can’t
> authorize using the resource owner credentials, but need to authorize
> the client itself using the client id and secret alone? For this, we
> need support for the “Client Credentials Grant”. Is this planned for
> Keycloak 1.0?
>
> By adding the required “grant_type” parameter to the
> “tokens/grants/access” service endpoint, it seems like both the
> “password” and “client_credentials” could be supported, with the
> “client_credentials” grant type simply not requiring the username and
> password form parameters in the POST. Thoughts on this?
>
> Thanks,
>
> John
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list