[keycloak-user] Best Practice m2m

Hi, we are developing a quite big angular + jboss-rest application with Keycloak OIC as auth layer. We are passing a brunch of user(login) specific information in a bearer token from angular to the rest-services when calling them. Now we have the situation, that some (automated/cyclic) services has to call some other services on behalf of an user without the user has logged in before - but with some login information. How do you solve such situations? Should we use persistant tokens or is some kind of impersonation a better solution? Many rhansk for discussion, Uli