[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth
Juraci Paixão Kröhling
juraci at kroehling.de
Fri Nov 21 05:29:09 EST 2014
On 11/19/2014 05:16 PM, Stian Thorgersen wrote:
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-user at lists.jboss.org
>> Sent: Wednesday, 19 November, 2014 4:01:36 PM
>> Subject: Re: [keycloak-user] Recommendations for protecting REST service with bearer token and basic auth
>> You guys are basically describing certificate auth.
> Yes for the one use-case I described (where the app is the user).
> There's also the case where a user gives an application permanent
> (offline) access to their account. In Google they have a special
> scope you can request for this
If there are no objections, I'll start scratching an implementation of
this offline mode, as something in this direction will be needed for
the project I'm helping with.
Ideally, the project would benefit from using service accounts instead
of acting on behalf of a specific user, but as there will be only one
account per user/realm, this would do for now :-)
- Juca.