[keycloak-user] Direct Access Grants & 'Client Credentials' OAuth2 grant type

Stian Thorgersen stian at redhat.com
Tue Aug 26 03:01:54 EDT 2014


It would make sense for us to add something similar to Google's service account (https://developers.google.com/accounts/docs/OAuth2ServiceAccount). It lets you create a special "user" that is associated with an application, and you can authenticate the client/user at the same time with one set of credentials.

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-user at lists.jboss.org
> Sent: Tuesday, 12 August, 2014 6:13:21 PM
> Subject: Re: [keycloak-user] Direct Access Grants & 'Client Credentials' OAuth2 grant type
> 
> Right now we require you to create a user and give permissions to that
> user.  Not sure if we'll add client credentials grant as it would
> require having role mappings for clients and applications.
> 
> On 8/12/2014 11:40 AM, Schneider, John DODGE CONSULTING SERVICES, LLC wrote:
> > Hi everyone,
> >
> > I’ve been evaluating the “Direct Access Grants” functionality of
> > Keycloak.  Overall, I think I can make it work for my use cases, but I
> > do have a couple of concerns.
> >
> > Chapter 12 of the documentation compares Keycloak’s Direct Access Grants
> > functionality to OAuth2’s “Resource Owner Password Credentials Grant.”
> > However, if I understand the specification correctly, this grant type is
> > only for using the resource owner’s credentials.  What if we can’t
> > authorize using the resource owner credentials, but need to authorize
> > the client itself using the client id and secret alone?  For this, we
> > need support for the “Client Credentials Grant”.  Is this planned for
> > Keycloak 1.0?
> >
> > By adding the required “grant_type” parameter to the
> > “tokens/grants/access” service endpoint, it seems like both the
> > “password” and “client_credentials” could be supported, with the
> > “client_credentials” grant type simply not requiring the username and
> > password form parameters in the POST.   Thoughts on this?
> >
> > Thanks,
> >
> > John
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
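
The two grant types discussed in this thread, side by side, as an added example that is not part of the original messages and is not Keycloak code. It sketches a token endpoint that dispatches on `grant_type` as in RFC 6749 sections 4.3 and 4.4, with client role mappings standing in for the service-account idea; the function name, client ids, users, secrets and the `issue_refresh_token` field are all hypothetical.

```python
import hmac

# Constructed sample data: one client with roles mapped to it (a "service
# account"), one client without, and one user. All names are hypothetical.
CLIENTS = {
    "billing-job": {"secret": "s3cr3t-A", "service_roles": ["invoice:read"]},
    "web-portal": {"secret": "s3cr3t-B", "service_roles": None},
}
USERS = {"jdoe": {"password": "hunter2", "roles": ["user"]}}


def _equal(a, b):
    # Constant-time comparison so secret checks do not leak timing.
    return hmac.compare_digest(a.encode(), b.encode())


def token_request(client_id, client_secret, form):
    """Return (http_status, body) for a POST to a hypothetical token endpoint."""
    client = CLIENTS.get(client_id)
    # Both grants authenticate the client first (RFC 6749 section 2.3).
    if client is None or not _equal(client["secret"], client_secret or ""):
        return 401, {"error": "invalid_client"}

    grant = form.get("grant_type")
    if grant is None:
        return 400, {"error": "invalid_request"}

    if grant == "password":
        # Resource owner credentials are required for this grant only.
        if "username" not in form or "password" not in form:
            return 400, {"error": "invalid_request"}
        user = USERS.get(form["username"])
        if user is None or not _equal(user["password"], form["password"]):
            return 400, {"error": "invalid_grant"}
        return 200, {"sub": form["username"], "roles": user["roles"],
                     "issue_refresh_token": True}

    if grant == "client_credentials":
        # No resource owner is involved: username/password are not read and
        # the token carries only the roles mapped to the client itself.
        if client["service_roles"] is None:
            return 400, {"error": "unauthorized_client"}
        return 200, {"sub": "service-account-" + client_id,
                     "roles": client["service_roles"],
                     "issue_refresh_token": False}  # RFC 6749 section 4.4.3

    return 400, {"error": "unsupported_grant_type"}
```

A client with no role mapping of its own is refused the `client_credentials` grant rather than issued an empty or default-privileged token.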


