4:13 a.m.
Hi.
My name is Adam and I am new to keycloak.
I want to create link/access point where user does'n input his password or send his
secret in angular 2 application + rest client secured by keycloak. This access is for
specified part of data but temporary not single access.
What possibilities keycloak gives to resolve this feature?
I think about generating token in other application on server and send it to user by
email. This way I can use client secret.
How to generate valid token accepted in keycloak without connection with it? But is this
good approach? If it is what can I use to create this in best way?
Can send request to keycloak for this kind of token for specified client for user
requested?
Adam Michalski
6:36 a.m.
It's not really something that we support well. I'd probably just generate
tokens in the app directly as this is not really a use-case an IdP solves.
An SSO server like Keycloak assumes there's a user that authenticates. You
could potentially use a service account to create some limited access
tokens and include the access token directly in the link. The link would
only be valid for a few minutes though. We have considered adding an option
where you can generate tokens with a longer expiration than the realm
default, but that's not something we're planning on doing immediately and
it also has to be done carefully considering the potential security
implications of it.
On 30 December 2016 at 11:13, <adam.michalski(a)aol.com> wrote:
Hi.
My name is Adam and I am new to keycloak.
I want to create link/access point where user does'n input his password or
send his secret in angular 2 application + rest client secured by keycloak.
This access is for specified part of data but temporary not single access.
What possibilities keycloak gives to resolve this feature?
I think about generating token in other application on server and send it
to user by email. This way I can use client secret.
How to generate valid token accepted in keycloak without connection with
it? But is this good approach? If it is what can I use to create this in
best way?
Can send request to keycloak for this kind of token for specified client
for user requested?
Adam Michalski
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2915
days inactive
2918
days old
1 comments
2 participants
participants (2)
-
adam.michalski@aol.com -
Stian Thorgersen