Re: [keycloak-user] Best Practice m2m
On Fri, May 25, 2018 at 2:37 AM, Uli SE <keycloaklist(a)ulise.de> wrote:
Hi,
we are developing a quite big angular + jboss-rest application with
Keycloak OIC as auth layer. We are passing a brunch of user(login)
specific information in a bearer token from angular to the rest-services
when calling them.
Now we have the situation, that some (automated/cyclic) services has to
call some other services on behalf of an user without the user has
logged in before - but with some login information.
How do you solve such situations? Should we use persistant tokens or is
some kind of impersonation a better solution?
I think none of these approaches will work for you. And what you need is
someway to allow your backend services to obtain an access/refresh tokens.
I think this is something that Google Sign-In does with their hybrid
server-side flow using a one-time code [1].
Other can give their feedback about this, but I'm not sure how to properly
solve this problem without a specific funcionality in Keycloak side.
[1] https://developers.google.com/identity/sign-in/web/server-side-flow
Many rhansk for discussion,
Uli
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user