[keycloak-user] Help understanding Bearer-only

Mai Zi ornot2008 at yahoo.com
Thu Sep 24 06:06:48 EDT 2015

Hi, there,  Here is the metaphor  about we are working on.
Suppose we are a primary school.  We'd like to offer a sports club card for our teachers so  they can go to excise  in weekend.  The workflow is simple, 1) we apply a card from the club.2) we give the card to the teacher.3) The teacher takes the card to the club to do whatever. 
With keycloak , we think 
1)The card is the token2) We, the school, are the oauth  client 3)  The teacher and the club go with bearer-only .

Based on the understanding above, 
1) By admin restful endpoints, we( the school) create a user account , reset a whatever  password, set the role for the user , and finally acquire this user's access token .   In this step. the user is not involved at all. 
2)  We transfer this  access token to the user .
3)   The user now visits the  club 's restful endpoints with this token carrying on. 
Unfortunately,  we can not reach the club's resource . The code is 403 forbidden. 

I am not sure whether we get the right idea on bearer-only model or not. Or we missed something
Any help will be appreciated. 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150924/2a02c987/attachment.html 

More information about the keycloak-user mailing list