Hi Bill,
thanks, I wasn't fully aware of the AccountService. However, we'll need to
implement a user management page within our application that gives access
to all users and role mappings within the realm. So I suppose I would
either have to access the admin console back-end via REST with a
keycloak-admin-realm user or use the JPA entities from keycloak-model-jpa
directly.
I would assume that this is a pretty standard use case though. After all,
the only alternative would be exposing the admin console to end users. Or
am I missing something?
Cheers,
Nils
On Tue, Apr 15, 2014 at 4:45 PM, Bill Burke <bburke(a)redhat.com> wrote:
User information can be obtained from the IDToken within
KeycloakSecurityContext. You can set up what information is in the
IDToken via the claims page in each application/oauth client.
For other user requests (like changing passwords), use the Account
Service. Every authenticated user has permission to access this REST
API by default.
On 4/15/2014 10:41 AM, Nils Preusker wrote:
> By management REST API you mean the API the admin console uses?
>
> Just to make sure I understand your suggestion correctly:
>
> * I would use the management REST API (same API the admin console uses)
> from my backend application
> * my backend application would need a user ("application user") within
> the keycloak-admin realm
> * when accessing the management REST API, I would add an "Authorization:
> Bearer ..." header with the token I can obtain from
> .../auth/rest/realms/MY-REALM/tokens/grants/access
>
> Cheers,
> Nils
>
>
>
> On Tue, Apr 15, 2014 at 3:10 PM, Bill Burke <bburke(a)redhat.com> wrote:
>
> IMO, you should not use the model directly in your applications. The
> management REST API gives you full access to security metadata. Use
> that. Plus, in the very near future (after beta-1 release) we'll be
> implementing a cache and if you are modifying data directly, there will
> be possibilities of this cache using stale data.
>
> On 4/15/2014 4:30 AM, Stian Thorgersen wrote:
> > At some point we'll add a Java and REST api's for user
> management. This will also include being able to register listeners
> for user events (for example user created, user deleted, etc).
> >
> > In the meantime I don't see any issues with using
> keycloak-model-jpa directly, especially not for read only. This API
> will quite likely change between versions, and we won't support any
> backwards compatibility. The "official" user management API once
> it's ready will be more stable, but I'm not sure when we'll have
> time to implement that.
> >
> > ----- Original Message -----
> >> From: "Nils Preusker" <n.preusker(a)gmail.com>
> >> To: keycloak-user(a)lists.jboss.org
> >> Sent: Tuesday, 15 April, 2014 9:22:44 AM
> >> Subject: [keycloak-user] Sharing users
> >>
> >> Hi, I have a question regarding user management and sharing access to the
> >> keycloak database between applications.
> >>
> >> While the keycloak admin console can be used to manage users, other
> >> applications may also need to access the user database. Is there a
> >> recommended way of accomplishing this?
> >>
> >> I've been experimenting with adding keycloak-model-jpa to my .war as a
> >> dependency and looking at the bootstrapping in
> >> org.keycloak.services.resources.KeycloakApplication. However, I wasn't able
> >> to get it to work yet and have the feeling that I might be going the wrong
> >> way here.
> >>
> >> Any hints?
> >>
> >> Cheers,
> >> Nils
> >>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user(a)lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
>
>
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
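The flow Nils lays out in the quoted message (a dedicated "application user" in the keycloak-admin realm, a token obtained from .../auth/rest/realms/MY-REALM/tokens/grants/access, then an "Authorization: Bearer ..." header on each management REST call), written out as an added example. This is not code from the thread or from Keycloak itself; it is Python with only the standard library rather than Java, and it runs offline against a constructed stand-in for the server so that both sides of the exchange are visible. The token endpoint path is the one quoted in the thread; the admin API root (/auth/rest/admin/...), the JSON field names, the host name, the realm and user names and the credentials are all assumptions to check against your Keycloak version.

```python
"""Added example (not Keycloak code): call the admin REST API from a backend
with a token obtained for a dedicated user in the keycloak-admin realm.
The token endpoint path follows the thread; the admin API root, the JSON
shapes and the realm/user names below are assumptions."""
import json
import time
import urllib.parse
import urllib.request


def urllib_transport(method, url, headers, body):
    """Real HTTP transport (use https:// URLs); replaced by a fake below."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.read()


class KeycloakAdminClient:
    """Backend-side client: keeps the service user's credentials and token
    server side and never forwards an end user's token to the admin API."""

    def __init__(self, base_url, admin_realm, username, password,
                 transport=urllib_transport):
        self.base = base_url.rstrip("/")
        self.admin_realm = admin_realm  # realm holding the service user
        self.username, self.password = username, password
        self.transport = transport
        self._token, self._expires_at = None, 0.0

    def access_token(self):
        """Password grant against the endpoint quoted in the thread; the token
        is cached and renewed 30 s before its advertised expiry."""
        if self._token and time.time() < self._expires_at - 30:
            return self._token
        url = f"{self.base}/auth/rest/realms/{self.admin_realm}/tokens/grants/access"
        form = urllib.parse.urlencode(
            {"username": self.username, "password": self.password}).encode()
        status, body = self.transport(
            "POST", url, {"Content-Type": "application/x-www-form-urlencoded"}, form)
        if status != 200:
            raise RuntimeError(f"token request failed: HTTP {status}")
        data = json.loads(body)
        self._token = data["access_token"]
        self._expires_at = time.time() + int(data.get("expires_in", 60))
        return self._token

    def _admin_get(self, path):
        url = f"{self.base}/auth/rest/admin/{path}"  # admin API root: assumed
        headers = {"Accept": "application/json",
                   "Authorization": "Bearer " + self.access_token()}
        status, body = self.transport("GET", url, headers, None)
        if status == 401:  # token expired or revoked early: refresh, retry once
            self._token = None
            headers["Authorization"] = "Bearer " + self.access_token()
            status, body = self.transport("GET", url, headers, None)
        if status != 200:
            raise RuntimeError(f"admin API {path}: HTTP {status}")
        return json.loads(body)

    def list_users(self, realm):
        return self._admin_get(f"realms/{realm}/users")

    def role_mappings(self, realm, username):
        return self._admin_get(
            f"realms/{realm}/users/{urllib.parse.quote(username)}/role-mappings")


class FakeKeycloak:
    """Constructed server stand-in so the example runs offline: issues a token
    for the right credentials and rejects admin calls without the current one."""

    def __init__(self):
        self.issued = []

    def __call__(self, method, url, headers, body):
        path = urllib.parse.urlparse(url).path
        if method == "POST" and path.endswith("/tokens/grants/access"):
            if dict(urllib.parse.parse_qsl(body.decode())) != \
                    {"username": "app-user", "password": "s3cret"}:
                return 401, b'{"error": "invalid_grant"}'
            self.issued.append(f"tok-{len(self.issued) + 1}")
            return 200, json.dumps(
                {"access_token": self.issued[-1], "expires_in": 300}).encode()
        current = self.issued[-1] if self.issued else None
        if current is None or headers.get("Authorization") != "Bearer " + current:
            return 401, b""
        if path.endswith("/realms/MY-REALM/users"):
            return 200, json.dumps([{"username": "alice"}, {"username": "bob"}]).encode()
        if path.endswith("/users/alice/role-mappings"):
            return 200, json.dumps({"realmMappings": [{"name": "user"}]}).encode()
        return 404, b""


def demo():
    """One token serves both admin calls; returns (users, alice's realm roles,
    number of tokens the fake server issued)."""
    server = FakeKeycloak()
    client = KeycloakAdminClient("https://sso.example", "keycloak-admin",
                                 "app-user", "s3cret", transport=server)
    users = [u["username"] for u in client.list_users("MY-REALM")]
    roles = [r["name"] for r in
             client.role_mappings("MY-REALM", "alice")["realmMappings"]]
    return users, roles, len(server.issued)


if __name__ == "__main__":
    print(demo())
```

Two points the example is built around. The service user's credentials and its token give whatever the admin realm grants them, so they stay on the backend and the backend applies its own authorization check on who may reach the user-management page; the end user's own token is never forwarded to the admin API. And the token is cached rather than requested per call, with a single retry on 401 so an early revocation or a clock skew does not turn into a hard failure.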