<div dir="ltr">Thanks Marek, I'll look into that!<div><br></div><div>Nils</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Apr 14, 2014 at 9:26 AM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi,<br>
<br>
I would suggest to look at this endpoint
<a href="https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/TokenService.java#L155" target="_blank">https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/TokenService.java#L155</a>
. I wonder that this is something you are looking for as it allows
to retrieve token for some user in exchange to application and
user credentials. It's defacto something described in OAuth2 specs
in Resource Owner flow <a href="http://tools.ietf.org/html/rfc6749#page-37" target="_blank">http://tools.ietf.org/html/rfc6749#page-37</a>
. <br>
<br>
So what I've just tried is this curl request: <br>
curl --request POST
<a href="http://localhost:8081/auth/rest/realms/myRealm/tokens/grants/access" target="_blank">http://localhost:8081/auth/rest/realms/myRealm/tokens/grants/access</a>
--data
"client_id=myApp&client_secret=c52dc243-8004-4843-b03b-bc139fd3a6fc&username=john&password=password"
--header "Accept: application/json" --header "Content-type:
application/x-www-form-urlencoded"<br>
<br>
where client_id and client_secret are credentials of my
application and username/password are credentials of user and
"myRealm" is name of my realm where user "john" and application
"myApp" are registered. Note that instead of client_id and
client_secret you can also use Authorization header (see the code
for more details)<br>
<br>
Marek<div><div class="h5"><br>
<br>
<br>
On 13.4.2014 10:30, Nils Preusker wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">To clarify, I've been looking at the various
clients in the examples and know that I can simply add an
authorization header with a bearer token to the REST requests.
However, as far as I understand the examples and the code, all
the login flows are based on login forms and redirects. While
this is convenient for web applications, I'm missing a simple
way for a "headless" client to obtain a token in return for
application credentials or an API key. Are you planning to
support this kind of use case?
<div>
<br>
</div>
<div>Cheers,</div>
<div>Nils</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Sat, Apr 12, 2014 at 7:09 PM, Nils
Preusker <span dir="ltr"><<a href="mailto:n.preusker@gmail.com" target="_blank">n.preusker@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi all,
<div><br>
</div>
<div>I'm trying to figure out how I could use keycloak to
secure a REST API that is used bu a pure backend REST
client. Do you have any recommendations for that (i.e.
API keys)?</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Nils</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>