<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Calibri" size="2"><span style="font-size:11pt;">
<div>Dear all,</div>
<div> </div>
<div>we have a question regarding Keycloak and obtaining an Access Token.</div>
<div> </div>
<div>Our setup is as follows:</div>
<ul style="margin:0;padding-left:36pt;">
<li>users are created and maintained in Keycloak</li><li>resources, policies and permissions are also maintained in Keycloak</li></ul>
<div> </div>
<div><u>Our</u><u> use case is:</u></div>
<div>As a third party application, I want to obtain authorization information (e.g. resource- and scope-based permissions) for a specific user by only providing the username to Keycloak, so I can allow or prohibit further actions.</div>
<div> </div>
<div><u>To be more specific: </u></div>
<div>We have an application exposing an interface the outside world. Any request from an interface-consuming application contains the name of the user in the request header that called an action on this interface (The username in the request is the same as
in Keycloak).</div>
<div> </div>
<div><u>The question is now: </u></div>
<div>How can we obtain an access token for the user (by only knowing the username) that is needed in order to call/use Keycloak’s AuthZ client to retrieve authorization information (e.g. via its entitlement API)? </div>
<div> </div>
<div>We also thought about using offline tokens, but it might be that a user (available in Keycloak) that is sent within the request might have never logged in to any protected application before – therefore we would not be able to have offline tokens at hand
that we could use to request a new access token. Is there a solution to obtain an access token for such a user?</div>
<div> </div>
<div>Thanks,</div>
<div>Christian</div>
<div> </div>
</span></font>
</body>
</html>