[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth
bburke at redhat.com
Tue Nov 18 10:21:23 EST 2014
How is that any different than our access tokens?
On 11/18/2014 9:40 AM, Juraci Paixão Kröhling wrote:
> Any thoughts on that?
> My use case is similar to a regular "SaaS", in which I'd provide an
> API key and API secret (or a single token, or ...) to the users, which
> can then use those credentials on simple bash scripts.
> - Juca.
> On 11/13/2014 05:58 PM, Juraci Paixão Kröhling wrote:
>> On 11/10/2014 02:38 PM, Bill Burke wrote:
>>> With basic auth, you have zero control over the client and
>>> you're handing over credentials to that client. Simple and easy
>>> for "hello world" apps sure.
>> Would it make sense to add something like Google's "Application
>> Specific Passwords"? This way, it's not the main credentials which
>> are being shared and those can be revoked individually if
>> An application that is not OAuth capable for some reason could
>> then make use of this.
JBoss, a division of Red Hat