Re: [keycloak-user] Recommendations for protecting REST service with bearer token and basic auth
On 11/21/2014 11:35 AM, Juraci Paixão Kröhling wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 11/21/2014 05:09 PM, Bill Burke wrote:
> I don't think we ever want to separate the token from the user
> session.
So, this means that all hosts using an offline refresh token created
for the user "jdoe1" will have to be replaced if said employee is
fired? This would be the advantage (and main purpose, IMO) of having
service accounts.
Why does a "service account" have to be anything special? Why can't it
be a regular user?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com