Not quite. JWT and Keycloak's extensions make sense. The part I'm not sure
where best to manage is the API user. I'm assuming from your answer that
you'd envision each API user being a user in the Keycloak system, correct?
If so, I'm still not sure how to associate these with the main user account.
On Fri, Apr 10, 2015 at 12:41 PM, Bill Burke <bburke(a)redhat.com> wrote:
Keycloak's access token format is an extension of JWT (JsonWebToken) in
which we added role claims. Hope that answers your question.
On 4/10/2015 12:10 PM, Scott Rossillo wrote:
> We have a system in place where a user is granted API access tokens for
> a project. These tokens can also have permissions associated with them
> (it could be as simple as read/write or read-only). In any case, if we
> migrate to SSO with OIDC, I'm not sure how best to re-implement such a
> solution.
>
> Should it even be a concern of the OIDC system? If so, is it something
> that's being considered as a Keycloak feature? For example, GitHub
> allows tokens to be generated and used in place of a password to access
> their OAuth 2.0 API.
>
> Thanks,
> Scott
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com