Re: [keycloak-user] UMA vs OAuth
On Wed, Aug 15, 2018 at 7:35 AM, Dmitry Pichugin <pdomsk(a)gmail.com> wrote:
Good day!
We are using Keyclaok in our project, have installed version 4.2.1.
Our task:
- integration with API gateway and use KeyCloak for resources protect.
We would be to use "Client Credentials Flow" from OAuth specs. But during
version 4, KeyCloak does not support OAuth and is recommended to apply UMA
2.0.
I'm not sure what you mean here. Where did you find this recommendation ?
Yes, the differences between UMA and OAuth not huge, as a request and
response(JWT token) formats, UMA has specific logic with RPT-token etc and
UMA gives some advantages(we do not have the plan to use it).
UMA is a standard mainly targeted for privacy (although there are other
benefits in using even if not for privacy), if you don't need users
managing their own resources, sharing, etc, yeah, you probably don't need
it. However, keep in mind that UMA support is one of the capabilities we
support in Keycloak Authorization Services, you can still use Keycloak to
enforce access to your protected resources using permissions
managed/granted by the server.
We try to make a request in OAuth specs but got the error.
Why does KeyCloak not support OAuth and UMA 2.0 same time? Do you have some
specific reasons for this?
We do support. Could you elaborate more what you are trying to achieve ?
Thank you!
Best regards. Dmitry Pichugin.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user