How is that any different than our access tokens?
On 11/18/2014 9:40 AM, Juraci Paixão Kröhling wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Any thoughts on that?
My use case is similar to a regular "SaaS", in which I'd provide an
API key and API secret (or a single token, or ...) to the users, which
can then use those credentials on simple bash scripts.
- - Juca.
On 11/13/2014 05:58 PM, Juraci Paixão Kröhling wrote:
> On 11/10/2014 02:38 PM, Bill Burke wrote:
>> With basic auth, you have zero control over the client and
>> you're handing over credentials to that client. Simple and easy
>> for "hello world" apps sure.
>
> Would it make sense to add something like Google's "Application
> Specific Passwords"? This way, it's not the main credentials which
> are being shared and those can be revoked individually if
> necessary.
>
> An application that is not OAuth capable for some reason could
> then make use of this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCgAGBQJUa1p3AAoJEDnJtskdmzLMPQoH/ijvMSaxeXY5GeDYv+Rfrrua
UifH2J+bCIB+0YYM/yTCbyiLO1ohFovB4QB9iqkL77OOiFSP9obx8PfxOBTJJuN5
yDoD7ZBJlnFIUDiN9HmVeDH7x1qiVyTDmUbfo+tfoHfk/QUr0nQ4BfzfSQpe9wk7
5SNhBvCxtNRqNG9w52EujlEmLI7cXuBWOz39cKm8AYfVkKnf/2L8M6f9hd7x0uDZ
y1Va/u42GrHhWXjuVwuSG2hv1xWok92i3LM8xsJst3icSu2kbB9q7WnAA38bq4CN
6kE3j/OhNRSY69MyPbPaZNVRJgAK47mcco0/K76x/2cDTai4PI+W1n/FNz4m4Fw=
=9Lyk
-----END PGP SIGNATURE-----
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user