Re: [aerogear-dev] Direct access to UnifiedPush Server's REST without OAuth

On Wed, Jun 4, 2014 at 6:18 PM, Tadeas Kriz <tkriz(a)redhat.com&gt; wrote: > Hey guys, > > as you might know, in the integration tests we only test the REST backend, > making sure it works as intended. Before Keycloak, every action was > achievable using the REST, that included login, logout and user management. > We don’t need the user management for sure, but login and logout is an > another story. Now with Keycloak anyone who wants to just use REST calls, > still need to login using the Keycloak. > > My question is, do we want users to be able to access the REST without > OAuth? If we do, it would probably mean we need to have two Keycloak > applications, What do you mean here? Are you suggestion two WAR files (for each 'keycloak application') ? Or just more a declarative setup?

> one for the UI which would still use OAuth and second one for REST calls > which would use Bearer only. This would also mean that when someone makes a > REST call to an endpoint without being authorized, he would receive 401 > response, instead of 302 redirect (before Keycloak, the response was 401 in > case of unauthorized access). > yeah, I think the RESTful APIs behind the 'AdminUI' for the 'application/variant management' should continue to work. (I doubt there is much usage of those outside of the AdminUI)

> What do you think? > > — > Tadeas Kriz > > -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf

_______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev