[Apiman-user] Question about OAuth2 (apiman & keycloak)
Charles Moulliard
cmoulliard at redhat.com
Mon Sep 7 12:18:16 EDT 2015
Hi,
This blog post details how to use OAuth2 between Apiman & Keycloak
("http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html").
I have some questions to ask you about where these requests are related
to the OAuth2 spec/protocol.
When we issue the request to get an access token for the client_id =
apiman:

    curl -X POST http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -d "username=rincewind" -d 'password=apiman' -d 'grant_type=password' \
      -d 'client_id=apiman'

does this request correspond to the OAuth 2 process
where the client requests an access token from the authorization server (=
Keycloak) using grant-type = password
(http://oauthlib.readthedocs.org/en/latest/oauth2/grants/password.html)?
Is this request also issued by the "Apiman OAuth2 Policy" when an HTTP
client calls the gateway to access an HTTP endpoint secured by the
API gateway?
Regards,
Charles