Ok great. Is it correct to map this admin-client approach to what is typically called
2-legged OAuth, and the tutorial 3 approach to 3-legged OAuth?
On Jul 15, 2014, at 11:44 AM, Bill Burke <bburke(a)redhat.com> wrote:
using admin-client is fine.
On 7/15/2014 11:38 AM, Christina Lau wrote:
> Thanks Bill, it works. However I noticed that it is using the admin-client as the
> OAuth client for granting access to all users in the same realm. i.e. after I created my
> own realm, I have to add admin-client to my own realm in order for this to work.
>
> New Question: Do you recommend we use admin-client as a generic OAuth client for
> getting the access token, or should each user have their own OAuth client app like what
> you show in Keycloak tutorial 3? I am not yet understanding their differences. Using
> admin-client OAuth client seems more straightforward without the extra grant page and
> without the need to create more OAuth clients. I just want to make sure that it is
> intended to be used this way for clients making RESTful service calls secured by Keycloak.
> The Keycloak notion still seems to be exposed a little bit, but it is not too bad.
>
> Thanks for your help.
>
> Christina
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com