[keycloak-user] Get token for JS UI

[Matt H]

I didn't think there was, but I had to check.


I have a module that I have to use that authenticates a user.  So when a user goes to a UI, they will be required to authenticate with this.  It validates that they are who they are.  From there the UI (pure JS) would call an application that is secured with Keycloak so the request needs a token to access it.  A lot of our application to application calls are set up as clients with confidential access, so the application is what the ticket is for, not the user using the application.  Make sense?

________________________________
From: Stian Thorgersen <sthorger at redhat.com>
Sent: Monday, January 9, 2017 3:46 AM
To: Matt H
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Get token for JS UI

No, of course there isn't. A JS app runs entirely within the users browser.

Can you explain what you're actually trying to achieve? I don't get it.

On 6 January 2017 at 16:29, Matt H <tsdgcc2087 at outlook.com<mailto:tsdgcc2087 at outlook.com>> wrote:
I have a situation where I need my javascript UI (all client side) to obtain a token from Keycloak.  The token would not be specific to the user but for the UI itself.  Looking at the documentation for the Javascript Adapter, it appears that it only works for getting a token for the user and is a public access type.  Is it possible to get a token for the UI and treat the UI as a confidential client?  It would need to then have a secret key, right?  Is there a good way to store that secret key so that it can't be read by users who just browse the source from their browser?


The reason for doing this is I have another authentication engine that is used to access the UI.  The users would then not have an account in Keycloak.
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user