
<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">Hi,<br>

      <br>

      On 27.11.2014 16:21, Ruben Lopez wrote:<br>

    </div>

    <blockquote

cite="mid:CA+L_nNiTRZ2ySW7+XG-5461nmdi0XXuNV=foOBXugO-chcFNcw@mail.gmail.com"

      type="cite">

      <div dir="ltr"><span

style="color:rgb(51,51,51);font-family:monospace;font-size:13.63636302948px;background-color:rgb(253,253,253)">Hi,</span><br

style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">

        <br

style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">

        <span

style="color:rgb(51,51,51);font-family:monospace;font-size:13.63636302948px;background-color:rgb(253,253,253)">Our

          organization is currently evaluating the use of Keycloak and

          we have some questions:</span><br

style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">

        <br

style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">

        <span

style="color:rgb(51,51,51);font-family:monospace;font-size:13.63636302948px;background-color:rgb(253,253,253)">1

          - Is there any way to obtain an access token for an OAuth

          Client via Client Credentials[1]?</span><br

style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">

      </div>

    </blockquote>

    You mean something like Service account like this from OAuth2 specs

    <a class="moz-txt-link-freetext" href="http://tools.ietf.org/html/rfc6749#page-40">http://tools.ietf.org/html/rfc6749#page-40</a> ? We don't have that yet,

    but there are plans to support it afaik. <br>

    <blockquote

cite="mid:CA+L_nNiTRZ2ySW7+XG-5461nmdi0XXuNV=foOBXugO-chcFNcw@mail.gmail.com"

      type="cite">

      <div dir="ltr"><br

style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">

        <span

style="color:rgb(51,51,51);font-family:monospace;font-size:13.63636302948px;background-color:rgb(253,253,253)">2

          - If we make a request to an Application (Resource Server)

          with an access token and this Application needs to talk to

          another protected Application to form the response to the

          client, how does the first Application authenticates to the

          second Application? Does Keycloak implements something like

          Chain Grant Type Profile[2]?</span><br

style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">

      </div>

    </blockquote>

    yes, that is doable. We have an example where we have frontend

    application like 'customer-portal', which is able to retrieve

    accessToken from keycloak like here:

    <a class="moz-txt-link-freetext" href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48</a>

    and then use this accessToken to send request to backend application

    'database-service' in Authorization header

    <a class="moz-txt-link-freetext" href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L54">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L54</a>

    . Database-service is then able to authenticate the token. <br>

    <br>

    Currently our database-service is directly serving requests and send

    back data, but it shouldn't be a problem to add another application

    to the chain, so that database-service will send the token again to

    another app like 'real-database-service', which will return data and

    those data will be sent back to the original frontent requestor

    (customer-portal). Is it something what you meant?<br>

    <br>

    Marek<br>

    <blockquote

cite="mid:CA+L_nNiTRZ2ySW7+XG-5461nmdi0XXuNV=foOBXugO-chcFNcw@mail.gmail.com"

      type="cite">

      <div dir="ltr"><br

style="font-size:13.63636302948px;color:rgb(51,51,51);font-family:monospace">

        <span

style="color:rgb(51,51,51);font-family:monospace;font-size:13.63636302948px;background-color:rgb(253,253,253)">Thanks

          in advance.</span><br>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

keycloak-user mailing list

<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>

<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>

    </blockquote>

    <br>

  </body>

</html>