That's an interesting use-case. There's no rest endpoints to retrieve access
codes, only authorization tokens which you don't really want to send as a URL query
parameter.
For a SSO solution between your fat client and the web apps the solutions I can think of
are:
* Use browser to login fat client - we have cli examples that do this
* Use Kerberos - this is more complicated and we only plan to add support to authenticate
via Kerberos tickets, not to issue tickets ourselves
We have discussed the idea of adding an identity token to direct grant api. The idea was
that a cli (or fat client) could use the direct grant to obtain an identity token (token
for a sso session), which could be stored somewhere on the local file-system. This token
could then be used by other apps to retrieve authorization tokens without having to
provide user credentials. Maybe this idea could somehow be used by web apps as well, by
passing something in the url param.
----- Original Message -----
From: "Michael Gerber" <gerbermichi(a)me.com>
To: keycloak-user(a)lists.jboss.org
Sent: Tuesday, 9 December, 2014 4:56:05 PM
Subject: [keycloak-user] How to get an access code via rest service
Hi,
I've got a fat client and a web application.
My client wants to get an access code to open a new browser with these access
code as URL parameter, so the users are directly logged in without
reentering their credentials.
Thank you for your help!
kind regards
Michael
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user