<div dir="ltr">By management REST API you mean the API the admin console uses? <div><br></div><div>Just to make sure I understand your suggestion correctly:</div><div><br></div><div>* I would use the management REST API (same API the admin console uses) from my backend application<br>
</div><div>* my backend application would need a user ("application user") within the keycloak-admin realm</div><div>* when accessing the management REST API, I would add an "Authorization: Bearer ..." header with the token I can obtain from .../auth/rest/realms/MY-REALM/tokens/grants/access</div>
<div><br></div><div>Cheers,</div><div>Nils</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 15, 2014 at 3:10 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">IMO, you should not use the model directly in your applications. The<br>
management REST API gives you full access to security metadata. Use<br>
that. Plus, in the very near future (after beta-1 release) we'll be<br>
implementing a cache and if you are modifying data directly, there will<br>
be possibilities of this cache using stale data.<br>
<div class="HOEnZb"><div class="h5"><br>
On 4/15/2014 4:30 AM, Stian Thorgersen wrote:<br>
> At some point we'll add a Java and REST api's for user management. This will also include being able to register listeners for user events (for example user created, user deleted, etc).<br>
><br>
> In the mean time I don't see any issues with using keycloak-model-jpa directly, especially not for read only. This API will quite likely change between versions, and we won't support any backwards compatibility. The "official" user management API once it's ready will be more stable, but I'm not sure when we'll have time to implement that.<br>
><br>
> ----- Original Message -----<br>
>> From: "Nils Preusker" <<a href="mailto:n.preusker@gmail.com">n.preusker@gmail.com</a>><br>
>> To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
>> Sent: Tuesday, 15 April, 2014 9:22:44 AM<br>
>> Subject: [keycloak-user] Sharing users<br>
>><br>
>> Hi, I have a question regarding user management and sharing access to the<br>
>> keycloak database between applications.<br>
>><br>
>> While the keycloak admin console can be used to manage users, other<br>
>> applications may also need to access the user database. Is there a<br>
>> recommended way of accomplishing this?<br>
>><br>
>> I've been experimenting with adding keycloak-model-jpa to my .war as a<br>
>> dependency and looking at the bootstrapping in<br>
>> org.keycloak.services.resources.KeycloakApplication. However, I wasn't able<br>
>> to get it to work yet and have the feeling that I might be going the wrong<br>
>> way here.<br>
>><br>
>> Any hints?<br>
>><br>
>> Cheers,<br>
>> Nils<br>
>><br>
>> _______________________________________________<br>
>> keycloak-user mailing list<br>
>> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
>> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>