-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 11/19/2014 05:16 PM, Stian Thorgersen wrote:
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com> To:
> keycloak-user(a)lists.jboss.org Sent: Wednesday, 19 November, 2014
> 4:01:36 PM Subject: Re: [keycloak-user] Recommendations for
> protecting REST service with bearer token and basic auth
>
> You guys are basically describing certificate auth.
Yes for the one use-case I described (where the app is the user).
There's also the case where a user gives an application permanent
(offline) access to their account. In Google they have a special
scope you can request for this
(
https://developers.google.com/accounts/docs/OAuth2WebServer#offline).
If there are no objections, I'll start scratching an implementation of
this offline mode, as something on this direction will be needed for
the project I'm helping with.
Ideally, the project would benefit from using service accounts instead
of acting on behalf of an specific user, but as there will be only one
account per user/realm, this would do for now :-)
- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCgAGBQJUbxP1AAoJEDnJtskdmzLM7IQH/RFJ5Cf0reec9CgMjxO1D1tt
lgS20P6d17Ki0UocoNidp59YdP5TRKycYbCMchbfTZu4In+9gEBzsdxK+4acprPF
sp6WCa1Comc8vFCX8Or9gxUEDRH+axWR4t/bIsBf23IvXQ1BUIVg0s21RxFoMhPP
fGHoaAEGthez6Dhr7GSwr46FEO2xP94jHJ7nAs67DNeh0vvZmQ1iynBkF3NmfQzP
dMCjny4i2D/UZCcSr72ud0DnoAi//vIQ86KObrqsiHV2eOhWYfHB9TozC/P1lKVM
5D8qByrnxtmgA/nYNuRFmKTYf2n6MZTU5AlSFJZr4svU6isl2zwkpczhwDRshjc=
=x/UK
-----END PGP SIGNATURE-----