Hello Stian, here is what I am trying to do:

1. Create a self-service registration application, all users will use this application to
register with their own email or twitter/facebook/google acct email. I will imagine I use
the Keycloak login and use CSS to customize it to integrate with my own application.
2. The user will be issued a key/access token, this key will be used later to authorize
the REST calls

Now I want to support 3 kinds of authorization for the different REST calls:

1. API key only - for calls that just need to establish identity, but don't need to
authenticate or authorize.
2. Authentication for more sensitive calls where I want to delegate authorization to a
trusted location (i.e. keycloak)
3. Authorization for certain services where only authorized partners can invoke.

Can you outline how I can implement this in Keycloak, esp what part I have to implement
myself. I plan to use RestEasy to implement Restful services, but I need to make sure the
Restful services can be called by all clients (i.e. support popular OAuth libraries).

Thanks…
Christina

On Jul 9, 2014, at 4:15 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
To answer your question properly I'd need more details about what
you're trying to achieve.
It does sound like we pretty much already have what you need, with the exception of
letting users themselves create clients. Depending on your use case it may be a good idea
to have a single realm (and share users) between all developers/applications, or it may be
better to have a realm per developer/application.
For the latter we do have a role that lets users create new realms, but not use any other
realms. This could be used to let a developer register with your platform and then be able
to login to the admin console to create clients, users, or whatever they want. For the
first we have discussed in the past, but do not support it yet, the ability to let users
register clients through the account management console.
----- Original Message -----
> From: "Christina Lau" <christinalau28(a)icloud.com>
> To: keycloak-user(a)lists.jboss.org
> Sent: Tuesday, 8 July, 2014 4:34:57 PM
> Subject: [keycloak-user] Keycloak and registration workflow for REST API platform
>
> I am wondering if I can use Keycloak to implement the registration
> workflow for a REST API platform, similar to Twitter
> (https://apps.twitter.com/) or LinkedIn
> (https://developer.linkedin.com/rest).
>
> I found some features like social login very applicable. However I am not
> quite sure how I will model this in Keycloak. For example, will I have 1
> realm per user and each user that registers will have their own oauth client
> for their third party appl(s) that I need to grant access to similar to the
> Tutorial 3 demo?
>
> If this is feasible to implement, can you outline the steps involved in this
> use case. I am thinking I will need to build a lot of it using the REST APIs
> you provided. Thanks in advance for any help.
>
> Christina