Hi,
On 27.11.2014 16:21, Ruben Lopez wrote:
> Hi,
> Our organization is currently evaluating the use of Keycloak and we
> have some questions:
> 1 - Is there any way to obtain an access token for an OAuth Client via
> Client Credentials[1]?

You mean something like a service account, like this from the OAuth2 specs
http://tools.ietf.org/html/rfc6749#page-40 ? We don't have that yet, but
there are plans to support it afaik.

> 2 - If we make a request to an Application (Resource Server) with an
> access token and this Application needs to talk to another protected
> Application to form the response to the client, how does the first
> Application authenticate to the second Application? Does Keycloak
> implement something like Chain Grant Type Profile[2]?

Yes, that is doable. We have an example where we have a frontend
application like 'customer-portal', which is able to retrieve an
accessToken from Keycloak like here:
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/c...
and then use this accessToken to send a request to the backend application
'database-service' in the Authorization header
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/c...
Database-service is then able to authenticate the token.

Currently our database-service is directly serving requests and sending
back data, but it shouldn't be a problem to add another application to
the chain, so that database-service will send the token again to another
app like 'real-database-service', which will return data, and that data
will be sent back to the original frontend requestor (customer-portal).

Is that what you meant?

Marek

> Thanks in advance.
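
The token relay described in the reply above (customer-portal to database-service to real-database-service), as an added example that is not from the original thread or from the Keycloak demo code. Assumptions: the three services are modelled as plain functions, and a shared HMAC key (`REALM_KEY`, hypothetical) stands in for the realm's signing key so the block runs offline; all function names are illustrative.

```python
import base64, hashlib, hmac, json, time

# Assumption: a shared HS256 key stands in for the realm's signing key so the
# example runs offline. Constructed value, not a Keycloak setting.
REALM_KEY = b"constructed-demo-key"

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(signing_input):
    return b64(hmac.new(REALM_KEY, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user, ttl=60):
    """Stand-in for the auth server handing customer-portal an access token."""
    header = b64(json.dumps({"alg": "HS256"}).encode())
    claims = b64(json.dumps({"sub": user, "exp": int(time.time()) + ttl}).encode())
    return f"{header}.{claims}.{sign(header + '.' + claims)}"

def authenticate(headers):
    """Run by every hop: verify the bearer token instead of trusting the caller."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise PermissionError("missing or malformed bearer token")
    signing_input, _, sig = token.rpartition(".")
    if not hmac.compare_digest(sig.encode(), sign(signing_input).encode()):
        raise PermissionError("bad signature")
    body = signing_input.split(".")[1]  # decoded only after the signature check
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["exp"] <= time.time():
        raise PermissionError("token expired")
    return claims

def real_database_service(headers):
    claims = authenticate(headers)  # the last hop verifies the token again
    return [f"record for {claims['sub']}"]

def database_service(headers):
    authenticate(headers)  # verify before doing any work
    # Relay only the Authorization header to the next application in the chain.
    return real_database_service({"Authorization": headers["Authorization"]})

def customer_portal(token):
    return database_service({"Authorization": f"Bearer {token}"})

if __name__ == "__main__":
    print(customer_portal(issue_token("alice")))
```
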