Not sure you need an offline token. An offline token is useful if you need to
do something on behalf of a user when this user is not online (e.g. some
background task). Here the user will always be online AFAIK?
Also the offline token is a kind of refresh token, which is useful just
for refreshing the access token. But the offline token (or refresh token)
itself is not intended to be used as a bearer token from the
authentication of one application to another.
I am not sure I understand your use case, but maybe you can:
- Log in to app A and then invoke the REST endpoint on app B with the
access token used as a bearer token
- Or secure app B with Keycloak too and authenticate with the "prompt=none"
parameter, which will mean that app B will be authenticated just if the user
is already authenticated in an SSO session. Otherwise the Keycloak login form
won't be shown and app B will need to be authenticated some other way.
Marek
On 23/06/17 19:05, Sherminator Kasuga wrote:
I have a web app (called A) that is using Keycloak to log in.
There is another external web app (called B) that uses its own system for
login.
Now I need to create a link from A to B that automatically logs into web
app B without the Keycloak login form (auto-login).
How can I reproduce this behavior?
I have a user and a password for B, and I am thinking that using an offline
token could help me with this objective.
username=bburke&password=geheim&grant_type=password&scope=offline_access
Saving the offline token into the database of A the first time that
I use the link and then using this offline token for the next.
Could it be possible?
My idea is something like:
If database.offlinetoken = empty
    LINK_TO_GENERATE_OFFLINE_TOKEN --- save this token into db after login in B
else
    LINK_USING_OFFLINETOKEN
endif
Do you have any example about how to build above links? Thanks in advance :)
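
Added example, not part of the original messages and not Keycloak project code: the "prompt=none" option from the reply above, showing the authorization request app B would send and how it classifies the redirect it gets back, including the case where no SSO session exists. The endpoint URL, client id, redirect URI and function names are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed values for illustration; none of them come from the thread.
AUTH_ENDPOINT = "https://sso.example.test/auth/realms/demo/protocol/openid-connect/auth"
CLIENT_ID = "app-b"
REDIRECT_URI = "https://app-b.example.test/callback"

# OpenID Connect error codes returned when prompt=none cannot be satisfied
# without showing a login or consent screen.
NEEDS_INTERACTION = {"login_required", "interaction_required",
                     "consent_required", "account_selection_required"}


def new_state():
    """Unguessable per-request value, kept in app B's session until the callback."""
    return secrets.token_urlsafe(16)


def build_silent_auth_url(state):
    """Authorization request that must not display the login form."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid",
              "state": state, "prompt": "none"}
    return AUTH_ENDPOINT + "?" + urlencode(params)


def handle_callback(callback_url, expected_state):
    """Classify the redirect back to app B.

    ("code", value)     an SSO session existed; exchange the code for tokens
    ("fallback", error) no SSO session; B must authenticate some other way
    ("reject", reason)  the response must not be trusted
    """
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    # Constant-time comparison of the echoed state against the stored one.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return ("reject", "state mismatch")
    if "error" in query:
        error = query["error"][0]
        return ("fallback", error) if error in NEEDS_INTERACTION else ("reject", error)
    if "code" in query:
        return ("code", query["code"][0])
    return ("reject", "no code or error")
```
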