Re: [keycloak-user] Recommendations for protecting REST service with bearer token and basic auth
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Any thoughts on that?
My use case is similar to a regular "SaaS", in which I'd provide an
API key and API secret (or a single token, or ...) to the users, which
can then use those credentials on simple bash scripts.
- - Juca.
On 11/13/2014 05:58 PM, Juraci Paixão Kröhling wrote:
On 11/10/2014 02:38 PM, Bill Burke wrote:
> With basic auth, you have zero control over the client and
> you're handing over credentials to that client. Simple and easy
> for "hello world" apps sure.
Would it make sense to add something like Google's "Application
Specific Passwords"? This way, it's not the main credentials which
are being shared and those can be revoked individually if
necessary.
An application that is not OAuth capable for some reason could
then make use of this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCgAGBQJUa1p3AAoJEDnJtskdmzLMPQoH/ijvMSaxeXY5GeDYv+Rfrrua
UifH2J+bCIB+0YYM/yTCbyiLO1ohFovB4QB9iqkL77OOiFSP9obx8PfxOBTJJuN5
yDoD7ZBJlnFIUDiN9HmVeDH7x1qiVyTDmUbfo+tfoHfk/QUr0nQ4BfzfSQpe9wk7
5SNhBvCxtNRqNG9w52EujlEmLI7cXuBWOz39cKm8AYfVkKnf/2L8M6f9hd7x0uDZ
y1Va/u42GrHhWXjuVwuSG2hv1xWok92i3LM8xsJst3icSu2kbB9q7WnAA38bq4CN
6kE3j/OhNRSY69MyPbPaZNVRJgAK47mcco0/K76x/2cDTai4PI+W1n/FNz4m4Fw=
=9Lyk
-----END PGP SIGNATURE-----