<div dir="ltr">Hi Marek,<br><div class="gmail_extra"><br><div class="gmail_quote">2014-11-27 12:38 GMT-03:00 Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>:<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class=""><blockquote type="cite"><div dir="ltr">
<span style="color:rgb(51,51,51);font-family:monospace;font-size:13.63636302948px;background-color:rgb(253,253,253)">1
- Is there any way to obtain an access token for an OAuth
Client via Client Credentials[1]?</span><br style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">
</div>
</blockquote></span>
You mean something like Service account like this from OAuth2 specs
<a href="http://tools.ietf.org/html/rfc6749#page-40" target="_blank">http://tools.ietf.org/html/rfc6749#page-40</a> ? We don't have that yet,
but there are plans to support it afaik. <br><span class="">
<blockquote type="cite">
<div dir="ltr"><br style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace"></div></blockquote></span></div></blockquote><div>Yes, I was talking about secction 4.4 Client Credentials Grant. Any idea about when it will be implemented?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class=""><blockquote type="cite"><div dir="ltr">
<span style="color:rgb(51,51,51);font-family:monospace;font-size:13.63636302948px;background-color:rgb(253,253,253)">2
- If we make a request to an Application (Resource Server)
with an access token and this Application needs to talk to
another protected Application to form the response to the
client, how does the first Application authenticates to the
second Application? Does Keycloak implements something like
Chain Grant Type Profile[2]?</span><br style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">
</div>
</blockquote></span>
yes, that is doable. We have an example where we have frontend
application like 'customer-portal', which is able to retrieve
accessToken from keycloak like here:
<a href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48" target="_blank">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48</a>
and then use this accessToken to send request to backend application
'database-service' in Authorization header
<a href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L54" target="_blank">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L54</a>
. Database-service is then able to authenticate the token. <br>
<br>
Currently our database-service is directly serving requests and send
back data, but it shouldn't be a problem to add another application
to the chain, so that database-service will send the token again to
another app like 'real-database-service', which will return data and
those data will be sent back to the original frontent requestor
(customer-portal). Is it something what you meant?<br></div></blockquote><div><br></div><div>Thats exactly what I meant. I will take a look at the example. </div><div><br></div><div>Thank you very much.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
<br>
Marek<br>
<blockquote type="cite">
<div dir="ltr"><br style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">
<span style="color:rgb(51,51,51);font-family:monospace;font-size:13.63636302948px;background-color:rgb(253,253,253)">Thanks
in advance.</span><br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div></div>