[keycloak-user] Questions about keycloak
mposolda at redhat.com
Thu Nov 27 10:38:08 EST 2014
On 27.11.2014 16:21, Ruben Lopez wrote:
> Our organization is currently evaluating the use of Keycloak and we
> have some questions:
> 1 - Is there any way to obtain an access token for an OAuth Client via
> Client Credentials?
You mean something like a service account, like this from the OAuth2 spec
http://tools.ietf.org/html/rfc6749#page-40 ? We don't have that yet, but
there are plans to support it afaik.
> 2 - If we make a request to an Application (Resource Server) with an
> access token and this Application needs to talk to another protected
> Application to form the response to the client, how does the first
> Application authenticate to the second Application? Does Keycloak
> implement something like Chain Grant Type Profile?
Yes, that is doable. We have an example where we have a frontend
application like 'customer-portal', which is able to retrieve an
accessToken from keycloak like here:
and then use this accessToken to send a request to the backend application
'database-service' in the Authorization header. Database-service is then
able to authenticate the token.
Currently our database-service is directly serving requests and sending
back data, but it shouldn't be a problem to add another application to
the chain, so that database-service will send the token again to another
app like 'real-database-service', which will return data, and that data
will be sent back to the original frontend requestor (customer-portal).
Is that what you meant?
> Thanks in advance.
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
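
The chain described in the reply above (customer-portal, database-service, real-database-service), as an added example that is not part of the original post and is not Keycloak's code: each hop verifies the bearer token itself and relays the unchanged Authorization header to the next one. The HS256 demo key, the function names and the sample claims are assumptions made for this sketch; Keycloak signs tokens with the realm's RSA key.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption); HS256 stands in for the realm RSA key.
REALM_KEY = b"constructed-demo-key"

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head, body):
    return hmac.new(REALM_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_token(user, roles, ttl=60, now=None):
    """Stand-in for the access token customer-portal retrieves from Keycloak."""
    now = time.time() if now is None else now
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps({"sub": user, "roles": roles, "exp": now + ttl}).encode())
    return f"{head}.{body}.{b64(sign(head, body))}"

def verify_bearer(headers, now=None):
    """Run by every service in the chain; no hop trusts the one before it."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise PermissionError("missing or malformed bearer token")
    head, body, sig = token.split(".")
    # The algorithm is fixed here; the token's own "alg" header is never consulted.
    if not hmac.compare_digest(b64(sign(head, body)).encode(), sig.encode()):
        raise PermissionError("bad signature")
    claims = json.loads(unb64(body))
    if claims["exp"] <= (time.time() if now is None else now):
        raise PermissionError("token expired")
    return claims

def real_database_service(headers, now=None):
    claims = verify_bearer(headers, now)
    if "user" not in claims["roles"]:
        raise PermissionError("role 'user' required")
    return {"customers": ["constructed-row-1"], "served_for": claims["sub"]}

def database_service(headers, now=None):
    verify_bearer(headers, now)  # authenticate the caller before relaying
    # Forward only the unchanged Authorization header to the next hop.
    return real_database_service({"Authorization": headers["Authorization"]}, now)

def customer_portal(token, now=None):
    return database_service({"Authorization": f"Bearer {token}"}, now)
```

Because the same token travels the whole chain, its expiry and roles bound what the last service will do, and a token altered at any hop fails the signature check at the next one.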