<div dir="ltr">To clarify, I've been looking at the various clients in the examples and know that I can simply add an authorization header with a bearer token to the REST requests. However, as far as I understand the examples and the code, all the login flows are based on login forms and redirects. While this is convenient for web applications, I'm missing a simple way for a "headless" client to obtain a token in return for application credentials or an API key. Are you planning to support this kind of use case?<div>
<br></div><div>Cheers,</div><div>Nils</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Apr 12, 2014 at 7:09 PM, Nils Preusker <span dir="ltr"><<a href="mailto:n.preusker@gmail.com" target="_blank">n.preusker@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>I'm trying to figure out how I could use keycloak to secure a REST API that is used bu a pure backend REST client. Do you have any recommendations for that (i.e. API keys)?</div>
<div><br></div><div>Cheers,</div><div>Nils</div></div>
</blockquote></div><br></div>