[keycloak-user] Obtaining access token by username only (no HMI)

FREIMUELLER Christian Christian.FREIMUELLER at frequentis.com
Tue Sep 27 02:32:06 EDT 2016


Dear Pedro,

Do you have any updates on this topic or hints how to achieve that with Keycloak for us?

Thanks,
Christian

From: Stian Thorgersen [mailto:sthorger at redhat.com]
Sent: 20 September 2016 09:57
To: FREIMUELLER Christian; Pedro Igor Silva
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Obtaining access token by username only (no HMI)

Pedro - is this possible? Seems like a valid use-case.

On 15 September 2016 at 17:07, FREIMUELLER Christian <Christian.FREIMUELLER at frequentis.com> wrote:
Dear all,

we have a question regarding Keycloak and obtaining an Access Token.

Our setup is as follows:
· users are created and maintained in Keycloak
· resources, policies and permissions are also maintained in Keycloak

Our use case is:
As a third party application, I want to obtain authorization information (e.g. resource- and scope-based permissions) for a specific user by only providing the username to Keycloak, so I can allow or prohibit further actions.

To be more specific:
We have an application exposing an interface to the outside world. Any request from an interface-consuming application contains the name of the user in the request header that called an action on this interface (the username in the request is the same as in Keycloak).

The question is now:
How can we obtain an access token for the user (by only knowing the username) that is needed in order to call/use Keycloak’s AuthZ client to retrieve authorization information (e.g. via its entitlement API)?

We also thought about using offline tokens, but it might be that a user (available in Keycloak) that is sent within the request might have never logged in to any protected application before – therefore we would not be able to have offline tokens at hand that we could use to request a new access token. Is there a solution to obtain an access token for such a user?

Thanks,
Christian

