[keycloak-user] UMA vs OAuth
Pedro Igor Silva
psilva at redhat.com
Wed Aug 15 07:31:17 EDT 2018
On Wed, Aug 15, 2018 at 7:35 AM, Dmitry Pichugin <pdomsk at gmail.com> wrote:
> Good day!
>
> We are using Keyclaok in our project, have installed version 4.2.1.
>
> Our task:
>
> - integration with API gateway and use KeyCloak for resources protect.
>
> We would be to use "Client Credentials Flow" from OAuth specs. But during
> version 4, KeyCloak does not support OAuth and is recommended to apply UMA
> 2.0.
>
I'm not sure what you mean here. Where did you find this recommendation ?
>
> Yes, the differences between UMA and OAuth not huge, as a request and
> response(JWT token) formats, UMA has specific logic with RPT-token etc and
> UMA gives some advantages(we do not have the plan to use it).
>
UMA is a standard mainly targeted for privacy (although there are other
benefits in using even if not for privacy), if you don't need users
managing their own resources, sharing, etc, yeah, you probably don't need
it. However, keep in mind that UMA support is one of the capabilities we
support in Keycloak Authorization Services, you can still use Keycloak to
enforce access to your protected resources using permissions
managed/granted by the server.
>
> We try to make a request in OAuth specs but got the error.
>
> Why does KeyCloak not support OAuth and UMA 2.0 same time? Do you have some
> specific reasons for this?
>
We do support. Could you elaborate more what you are trying to achieve ?
>
> Thank you!
>
> Best regards. Dmitry Pichugin.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list