[keycloak-user] preferred identity mechanism for rest clients
Stian Thorgersen
sthorger at redhat.com
Wed Oct 18 23:44:23 EDT 2017
One thing is that the client should authenticate itself as well. If you use
service account you have one set of credentials for the client, but if you
use regular user account you have two. Service accounts also have different
authentication mechanisms to users and doesn't get "interrupted" by
required actions.
On 18 Oct 2017 7:36 am, "Graham O'Regan" <graham.oregan at gmail.com> wrote:
> Hi,
>
> We are using mod_auth_openidc set up as a keycloak client so we can use
> openid-connect for browsers and oauth20 for REST clients. We have setup
> some REST clients as users and use a grant_type=password to get a bearer
> token but I’ve also tested using a keycloak client with a service account
> to achieve a similar effect. There is a benefit to us in using a user
> account because we have hooked the account creation into our internal
> authorization mechanism but would it be preferable to use service accounts
> instead?
>
> Thanks in advance,
>
> G
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list