[keycloak-user] Combine grants

Corentin Dupont corentin.dupont at gmail.com
Mon Jul 16 10:09:05 EDT 2018


I was thinking to pass both the login/password and the permission request
on the same call (maybe a bit complicated).

On Mon, Jul 16, 2018 at 2:50 PM, Pedro Igor Silva <psilva at redhat.com> wrote:

> Thing is that you need a token to identify the subject making the request.
>
> On Sat, Jul 14, 2018 at 1:48 PM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> Another question for you guys:
>> is it possible to combine grants?
>> Now to get some permissions, I need to perform 2 requests:
>>
>> USERTOKEN=`curl -X POST  -H "Content-Type:
>> application/x-www-form-urlencoded" -d
>> 'username=cdupont&password=password&grant_type=password&clie
>> nt_id=api-server&client_secret=4e9dcb80-efcd-484c-b3d7-1e95a0096ac0'
>> "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token"
>> |
>> jq .access_token -r`
>>
>> curl -X POST
>> http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token -H
>> "Authorization: Bearer $USERTOKEN" -d
>> "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audi
>> ence=api-server&permission=ce023344-a01e-4d3c-8ba8-
>> dc626e088dfd#sensors:view"
>>
>> The first with grant_type=password and the second with
>> grant_type=urn:ietf:params:oauth:grant-type:uma-ticket.
>> However HTTP requests are expensive...
>> It would be nice to make only one request.
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>


More information about the keycloak-user mailing list