I think the short tokens issued by the likes of OpenShift are primarily used
for authentication, not access. As such it's more a short ID token than an
actual access token.
I could see us doing something similar with allowing users to generate
these short tokens that can be used to authenticate and obtain
refresh/access tokens instead of using username/password.
On 14 March 2018 at 17:46, Pedro Igor Silva <psilva(a)redhat.com> wrote:
I think Facebook, kube and OpenShift have different requirements. They can
use persistent tokens because they have complete control over their
lifetime and they are targeted to be used within their environments.
Facebook in particular acts as both AS and resource server.
On Wed, Mar 14, 2018 at 1:02 PM, Bill Burke <bburke(a)redhat.com> wrote:
> On Wed, Mar 14, 2018 at 10:55 AM, Schuster Sebastian (INST/ESY1)
> <Sebastian.Schuster(a)bosch-si.com> wrote:
> > I always thought an offline token is a long-living refresh token...
> >
> > Best regards,
> > Sebastian
> >
>
> Yes, that's how OIDC thinks of offline tokens and how we've
> implemented it. But Facebook, Kubernetes, OpenShift have the concept
> of a persistent token that can be used in bearer requests.
>
> Bill