Re: [keycloak-user] OAuth Tokens and IoT Devices

Or you can use long-lived tokens (e.g: 1 week, 1 month) and reduce the frequency your devices refresh tokens ... On Wed, Sep 19, 2018 at 7:14 AM Federico Michele Facca < federico.facca(a)martel-innovate.com&gt; wrote: > Hi, > what is the current best solution in Keycloak to support a scenario where > devices needs to authenticate using OAuth against an API? > > At the time being, to simplify we use offline-refresh tokens and every > time, it the token is expired, generated out of that a new token. > > In term of performance the trick we use is to cache the access token and > refresh it when needed with a background process. > This process, unfortunately, for some tiny computational devices can be > quite demanding and slow down the most important > goal of sending data to the API at given intervarls. > > A better solution could be having a way to create never expiring access > tokens (or with a manually defined expired date), we understand > that may introduce security issues, but it would be only for specific > scenarios (and I doubt it will introduce more issues that the offline > token). > > Feelings? Suggestions? > > Cheers, > Federico > > -- > *Dr. FEDERICO MICHELE FACCA* > *Head of Martel Lab* > 0041 78 807 58 38 > *Martel Innovate* <https://www.martel-innovate.com/> - Professional > support for innovation projects > Click to download our innovators' insights! > <https://www.martel-innovate.com/premium-content/> > Follow Us on Twitter <https://twitter.com/Martel_Innovate> > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >