[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth
Juraci Paixão Kröhling
juraci at kroehling.de
Thu Nov 13 11:58:39 EST 2014
On 11/10/2014 02:38 PM, Bill Burke wrote:
> With basic auth, you have zero control over the client and you're
> handing over credentials to that client. Simple and easy for
> "hello world" apps sure.
Would it make sense to add something like Google's "Application
Specific Passwords"? This way, it's not the main credentials which are
being shared and those can be revoked individually if necessary.
An application that is not OAuth capable for some reason could then
make use of this.
- Juca.
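A sketch of the application-specific password idea raised in this message, as an added example that is not part of the original post and is not Keycloak's or Google's code: each non-OAuth application gets its own random secret for HTTP Basic auth, stored only as a salted hash and revocable on its own. The class, method and label names (`AppPasswordStore`, `issue`, `revoke`, `verify_basic`, `mail-client`) are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets


class AppPasswordStore:
    """Per-application passwords, kept apart from the user's main credential."""

    def __init__(self):
        self._records = {}  # (user, label) -> (salt, digest); hypothetical in-memory store

    @staticmethod
    def _digest(secret, salt):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

    def issue(self, user, label):
        """Create a random password for one application; only its hash is kept."""
        secret = secrets.token_urlsafe(24)
        salt = secrets.token_bytes(16)
        self._records[(user, label)] = (salt, self._digest(secret, salt))
        return secret

    def revoke(self, user, label):
        """Revoke one application's password; the user's other ones keep working."""
        return self._records.pop((user, label), None) is not None

    def verify_basic(self, header):
        """Return the application label matching an Authorization header, or None."""
        scheme, _, blob = header.partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(blob, validate=True).decode()
        except ValueError:  # bad base64 or non-UTF-8 bytes
            return None
        user, sep, secret = decoded.partition(":")
        if not sep:
            return None
        matched = None
        for (owner, label), (salt, digest) in self._records.items():
            if owner == user and hmac.compare_digest(digest, self._digest(secret, salt)):
                matched = label
        return matched


def basic_header(user, secret):
    """Build the Authorization header value a Basic-auth client would send."""
    return "Basic " + base64.b64encode(f"{user}:{secret}".encode()).decode()
```

Because `verify_basic` returns the label of the matching application, a resource server can log which application authenticated and revoke exactly that one.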