<div dir="ltr">Pedro - is this possible? Seems like a valid use-case.</div><div class="gmail_extra"><br><div class="gmail_quote">On 15 September 2016 at 17:07, FREIMUELLER Christian <span dir="ltr"><<a href="mailto:Christian.FREIMUELLER@frequentis.com" target="_blank">Christian.FREIMUELLER@frequentis.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<font face="Calibri" size="2"><span style="font-size:11pt">
<div>Dear all,</div>
<div> </div>
<div>we have a question regarding Keycloak and obtaining an Access Token.</div>
<div> </div>
<div>Our setup is as follows:</div>
<ul style="margin:0;padding-left:36pt">
<li>users are created and maintained in Keycloak</li><li>resources, policies and permissions are also maintained in Keycloak</li></ul>
<div> </div>
<div><u>Our</u><u> use case is:</u></div>
<div>As a third party application, I want to obtain authorization information (e.g. resource- and scope-based permissions) for a specific user by only providing the username to Keycloak, so I can allow or prohibit further actions.</div>
<div> </div>
<div><u>To be more specific: </u></div>
<div>We have an application exposing an interface the outside world. Any request from an interface-consuming application contains the name of the user in the request header that called an action on this interface (The username in the request is the same as
in Keycloak).</div>
<div> </div>
<div><u>The question is now: </u></div>
<div>How can we obtain an access token for the user (by only knowing the username) that is needed in order to call/use Keycloak’s AuthZ client to retrieve authorization information (e.g. via its entitlement API)? </div>
<div> </div>
<div>We also thought about using offline tokens, but it might be that a user (available in Keycloak) that is sent within the request might have never logged in to any protected application before – therefore we would not be able to have offline tokens at hand
that we could use to request a new access token. Is there a solution to obtain an access token for such a user?</div>
<div> </div>
<div>Thanks,</div>
<div>Christian</div>
<div> </div>
</span></font>
</div>
<br>______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>