[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth
Juraci Paixão Kröhling
juraci at kroehling.de
Tue Nov 18 09:40:55 EST 2014
Any thoughts on that?
My use case is similar to a regular "SaaS", in which I'd provide an
API key and API secret (or a single token, or ...) to the users, who
can then use those credentials in simple bash scripts.
- Juca.
On 11/13/2014 05:58 PM, Juraci Paixão Kröhling wrote:
> On 11/10/2014 02:38 PM, Bill Burke wrote:
>> With basic auth, you have zero control over the client and
>> you're handing over credentials to that client. Simple and easy
>> for "hello world" apps sure.
> Would it make sense to add something like Google's "Application
> Specific Passwords"? This way, it's not the main credentials which
> are being shared and those can be revoked individually if
> An application that is not OAuth capable for some reason could
> then make use of this.