[keycloak-user] API Tokens and Permissions (like GitHub Personal Tokens)
Bill Burke
bburke at redhat.com
Fri Apr 10 12:41:13 EDT 2015
Keycloak's access token format is an extension of JWT (JsonWebToken) in
which we added role claims. Hope that answers your question.
On 4/10/2015 12:10 PM, Scott Rossillo wrote:
> We have a system in place where a user is granted API access tokens for
> a project. These tokens can also have permissions associated with them
> (it could be as simple as read/write or read-only). In any case, if we
> migrate to SSO with OIDC, I'm not sure how best to re-implement such a
> solution.
>
> Should it even be a concern of the OIDC system? If so, is it something
> that's being considered as a Keycloak feature? For example, GitHub
> allows tokens to be generated and used in place of a password to access
> their OAuth 2.0 API.
>
> Thanks,
> Scott
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
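
As an added illustration (not code from this thread or from Keycloak itself), the sketch below shows how a resource server could map the role claims in a Keycloak-style access token to read-only or read/write API access, denying on any verification failure. `resource_access.<client>.roles` is Keycloak's client-role claim; the role names, the client id `project-api`, and HS256 with a shared demo key (standing in for the realm's asymmetric signing key) are assumptions made so the example runs offline.

```python
import base64, hashlib, hmac, json, time

# Assumption: these role names and the client id "project-api" are hypothetical.
ROLE_METHODS = {"project-read": {"GET", "HEAD"},
                "project-write": {"GET", "HEAD", "POST", "PUT", "DELETE"}}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token so the example runs offline."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verified_claims(token: str, key: bytes, now: float) -> dict:
    """Return the claims only if algorithm, signature and expiry all check out."""
    head, body, sig = token.split(".")
    if json.loads(_unb64url(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never trust the header
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def allowed(token: str, key: bytes, client: str, method: str, now=None) -> bool:
    """Map the token's client roles onto HTTP methods; deny on any failure."""
    try:
        claims = verified_claims(token, key, time.time() if now is None else now)
        roles = claims.get("resource_access", {}).get(client, {}).get("roles", [])
        return any(method in ROLE_METHODS.get(r, ()) for r in roles)
    except (ValueError, TypeError, AttributeError):
        return False

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
READ_ONLY = mint({"sub": "user-123", "exp": 2_000_000_000,
                  "resource_access": {"project-api": {"roles": ["project-read"]}}}, KEY)
```

In a real deployment the signature check would use the realm's public key through a maintained JWT library; the role-to-method mapping is the part the application owns.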