Well, this example answers the asked question, so many thanks Scott. However, I still have some doubts.

In the given code, the database service can only be accessed from another client (bearer only). However, let's suppose I also want to have access to its endpoints from a Web browser, for pure administrative purpose and only with the ADMIN role. I should change the access to confidential. Then I want to access the service from the customer app, but, since the current user role might not be ADMIN, I wouldn't be authorized for the remote access.

The only solution I can think for this is to keep the database service access bearer only and implement a specific database-ui service, which should replicate all the original endpoints (this involves adding a new endpoint to the ui service everytime I do it in the db service).

Is there a way for solving this which avoids having an specific ui service implemented? Sorry about all questions I'm still a starter!

Nire Sony Xperia™ telefonotik bidalita



---- Scott Rossillo igorleak idatzi du ----

Take a look at these Spring samples. It's set up automatically:

https://github.com/foo4u/keycloak-spring-demo/blob/master/customer-app/src/main/java/org/keycloak/example/spring/customer/service/RemoteCustomerService.java
On Tue, Dec 29, 2015 at 12:31 PM Aritz Maeztu <amaeztu@tesicnor.com> wrote:
At this moment there's a KeycloakRestTemplate to use it in Spring which allows an end user to retrieve data from other keycloak clients. However, a client might also be interested in accessing data with its own permissions and with no user interaction. Is there any implementation of a RestTemplate to utilize client service accounts and, if not, are there any plans to write it? This demo seems to do it manually.

Regards
--
Aritz Maeztu OtaƱo
Departamento Desarrollo de Software

Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf.: 948 21 40 40
Fax.: 948 21 40 41

Antes de imprimir este e-mail piense bien si es necesario hacerlo: El medioambiente es cosa de todos.
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user