Pedro - is this possible? Seems like a valid use-case.
On 15 September 2016 at 17:07, FREIMUELLER Christian <Christian.FREIMUELLER(a)frequentis.com> wrote:
Dear all,
we have a question regarding Keycloak and obtaining an Access Token.
Our setup is as follows:
- users are created and maintained in Keycloak
- resources, policies and permissions are also maintained in Keycloak
*Our use case is:*
As a third party application, I want to obtain authorization information
(e.g. resource- and scope-based permissions) for a specific user by only
providing the username to Keycloak, so I can allow or prohibit further
actions.
*To be more specific:*
We have an application exposing an interface to the outside world. Any
request from an interface-consuming application contains the name of the
user in the request header that called an action on this interface (the
username in the request is the same as in Keycloak).
*The question is now:*
How can we obtain an access token for the user (by only knowing the
username) that is needed in order to call/use Keycloak’s AuthZ client to
retrieve authorization information (e.g. via its entitlement API)?
We also thought about using offline tokens, but it might be that a user
(available in Keycloak) that is sent within the request might have never
logged in to any protected application before – therefore we would not be
able to have offline tokens at hand that we could use to request a new
access token. Is there a solution to obtain an access token for such a user?
Thanks,
Christian
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user