Direct grants require the client to have access to an user's
credentials. On our specific case, having plain text access to the
account credentials are not viewed as very secure by sysadmins. So,
issuing those tokens and making them individually revokable make sense.
On 20.01.2016 16:32, Bill Burke wrote:
I honestly don't get why you are doing this. I assume you are familiar
with direct grants. Why aren't these enough? Its just a REST call to
keycloak to obtain a token. Honestly, this seems ridiculous.
On 1/20/2016 9:15 AM, Juraci Paixão Kröhling wrote:
For Hawkular, we were in the need of a simplified way for a REST client
to communicate with our backend. After discussing this with Stian, we
started the "secret-store" module, which was just spun off of Hawkular
into a "standalone" project.
Secret Store is a module for scenarios where the whole OAuth procedure
might be undesirable or not feasible on the client side.
The Secret Store has two sides:
1) a REST endpoint to create opaque tokens backed by OAuth Offline
Tokens composed of a key and secret;
2) An Undertow filter/Proxy server, that translates the opaque tokens
into OAuth bearer tokens, rewriting the incoming request. To your
backend, it's transparent whether an opaque token or a proper OAuth
token was used.
More info here: https://github.com/jpkrohling/secret-store
- Juca.
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user