Right now we require you to create a user and give permissions to that
user. Not sure if we'll add client credentials grant as it would
require having role mappings for clients and applications.

On 8/12/2014 11:40 AM, Schneider, John DODGE CONSULTING SERVICES, LLC wrote:
I’ve been evaluating the “Direct Access Grants” functionality of
Keycloak. Overall, I think I can make it work for my use cases, but I
do have a couple of concerns.

Chapter 12 of the documentation compares Keycloak’s Direct Access Grants
functionality to OAuth2’s “Resource Owner Password Credentials Grant.”
However, if I understand the specification correctly, this grant type is
only for using the resource owner’s credentials. What if we can’t
authorize using the resource owner credentials, but need to authorize
the client itself using the client id and secret alone? For this, we
need support for the “Client Credentials Grant”. Is this planned for

By adding the required “grant_type” parameter to the
“tokens/grants/access” service endpoint, it seems like both the
“password” and “client_credentials” could be supported, with the
“client_credentials” grant type simply not requiring the username and
password form parameters in the POST. Thoughts on this?

keycloak-user mailing list
JBoss, a division of Red Hat
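
The dispatch on `grant_type` proposed in the quoted message, combined with the role-mapping point from the reply, sketched as an added example; it is not Keycloak code and not part of the thread. The handler, the in-memory `CLIENTS` and `USERS` tables and the success-response fields are hypothetical, client authentication by HTTP Basic on both grants is an assumption, and the error codes are those of RFC 6749.

```python
import base64
import hmac

# Constructed sample data (hypothetical, not real Keycloak state).
CLIENTS = {"billing-service": {"secret": "s3cr3t", "roles": ["invoice-read"]}}
USERS = {"alice": {"password": "wonderland", "roles": ["user"]}}


def same(a, b):
    """Constant-time comparison, so the mismatch position is not leaked by timing."""
    return hmac.compare_digest(a.encode(), b.encode())


def parse_basic_auth(header):
    """Return (client_id, secret) from an HTTP Basic Authorization header, or None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    client_id, sep, secret = decoded.partition(":")
    return (client_id, secret) if sep else None


def handle_token_request(auth_header, form):
    """Authenticate the client, then dispatch on grant_type; returns (status, body)."""
    creds = parse_basic_auth(auth_header)
    client = CLIENTS.get(creds[0]) if creds else None
    if client is None or not same(client["secret"], creds[1]):
        return 401, {"error": "invalid_client"}
    grant_type = form.get("grant_type")
    if grant_type is None:
        return 400, {"error": "invalid_request"}
    if grant_type == "password":
        # Resource owner grant: username and password are required form parameters.
        if "username" not in form or "password" not in form:
            return 400, {"error": "invalid_request"}
        user = USERS.get(form["username"])
        if user is None or not same(user["password"], form["password"]):
            return 400, {"error": "invalid_grant"}
        return 200, {"subject": form["username"], "roles": user["roles"]}
    if grant_type == "client_credentials":
        # No resource owner is involved, so the roles can only come from a
        # mapping held on the client itself (the requirement the reply raises).
        return 200, {"subject": creds[0], "roles": client["roles"]}
    return 400, {"error": "unsupported_grant_type"}
```
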