<div dir="ltr">Not quite. JWT and Keycloak's extensions make sense. The part I'm not sure where best to manage is the API user. I'm assuming from your answer that you'd envision each API user being a user in the Keycloak system, correct? If so, I'm still not sure how to associate these with the main user account.</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 10, 2015 at 12:41 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Keycloak's access token format is an extension of JWT (JsonWebToken) in<br>
which we added role claims. Hope that answers your question.<br>
<div><div class="h5"><br>
On 4/10/2015 12:10 PM, Scott Rossillo wrote:<br>
> We have a system in place where a user is granted API access tokens for<br>
> a project. These tokens can also have permissions associated with them<br>
> (it could be as simple as read/write or read-only). In any case, if we<br>
> migrate to SSO with OIDC, I'm not sure how best to re-implement such a<br>
> solution.<br>
><br>
> Should it even be a concern of the OIDC system? If so, is it something<br>
> that's being considered as a Keycloak feature? For example, GitHub<br>
> allows tokens to be generated and used in place of a password to access<br>
> their OAuth 2.0 API.<br>
><br>
> Thanks,<br>
> Scott<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</font></span></blockquote></div><br></div>