[keycloak-user] OAuth Tokens and IoT Devices

Pedro Igor Silva psilva at redhat.com
Wed Sep 19 08:26:11 EDT 2018 

Hi,

Yeah, true. Although there are some discussions happening about overriding
token lifetime in clients. But yeah, right now any change at this regard
will affect all clients in your realm ...

On Wed, Sep 19, 2018 at 9:20 AM Federico Michele Facca <
federico.facca at martel-innovate.com> wrote:

> Hi Pedro :)
> My understanding (but I may be wrong) is that in this way I will affect
> the whole realm not just a client. Correct?
>
> Cheers,
> Federico
>
> On 19 September 2018 at 14:12, Pedro Igor Silva <psilva at redhat.com> wrote:
>
>> Or you can use long-lived tokens (e.g: 1 week, 1 month) and reduce the
>> frequency your devices refresh tokens ...
>>
>> On Wed, Sep 19, 2018 at 7:14 AM Federico Michele Facca <
>> federico.facca at martel-innovate.com> wrote:
>>
>>> Hi,
>>> what is the current best solution in Keycloak to support a scenario where
>>> devices needs to authenticate using OAuth against an API?
>>>
>>> At the time being, to simplify we use offline-refresh tokens and every
>>> time, it the token is expired, generated out of that a new token.
>>>
>>> In term of performance the trick we use is to cache the access token and
>>> refresh it when needed with a background process.
>>> This process, unfortunately, for some tiny computational devices can be
>>> quite demanding and slow down the most important
>>> goal of sending data to the API at given intervarls.
>>>
>>> A better solution could be having a way to create never expiring access
>>> tokens (or with a manually defined expired date), we understand
>>> that may introduce security issues, but it would be only for specific
>>> scenarios (and I doubt it will introduce more issues that the offline
>>> token).
>>>
>>> Feelings? Suggestions?
>>>
>>> Cheers,
>>> Federico
>>>
>>> --
>>> *Dr. FEDERICO MICHELE FACCA*
>>> *Head of Martel Lab*
>>> 0041 78 807 58 38
>>> *Martel Innovate* <https://www.martel-innovate.com/>  -  Professional
>>> support for innovation projects
>>> Click to download our innovators' insights!
>>> <https://www.martel-innovate.com/premium-content/>
>>> Follow Us on Twitter <https://twitter.com/Martel_Innovate>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>
>
> --
> *Dr. FEDERICO MICHELE FACCA*
> *Head of Martel Lab*
> 0041 78 807 58 38
> *Martel Innovate* <https://www.martel-innovate.com/>  -  Professional
> support for innovation projects
> Click to download our innovators' insights!
> <https://www.martel-innovate.com/premium-content/>
> Follow Us on Twitter <https://twitter.com/Martel_Innovate>
>

More information about the keycloak-user mailing list