[keycloak-dev] Persistent token

Juraci Paixão Kröhling jpkroehling at redhat.com
Tue May 26 13:08:08 EDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

All,

For Hawkular, we have an agent that runs on behalf of an user on a
separate machine (a server), sending metrics to our backend, secured
by Keycloak.

While we could perform all the OAuth steps in our agent code, a goal
for us is to make it as easy as possible for third-parties to write
"agents". So, having a basic-auth-like scenario is the ideal scenario
for us.

I think I have discussed this scenario earlier with Marek and/or Stian
via IRC but I don't think a conclusion was made back then.

Basically, what we would need is either a "persistent token" or a
key/secret mechanism. For now, we are making the agent use the
basic-auth, but that implies in the agent knowing the user's password
(which is not ideal).

As I understand that there were some talks about this before, I would
like to understand what's the current (planned) solution for this
scenario. Depending on how it goes, I can start with a PoC and send it
as a PR for Keycloak.

- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVZKh4AAoJECKM1e+fkPrXdoUH/3DJty468AQ0MQgo5SokCrfu
GvfGkDi0yMvOutsPdAYVGLxwUAFNFXICG1x/iP3UZYHcZgqzuclwMJQOV3/RKNAb
uGn5VlllV5rhUnJiF49QeGVrYwB/O9llkRty5jzIzo0vej8eZl8LIQroxjIwpCEQ
gy9OwBnj60mBcTvE33EgKKhAsBQ+aVKCFsc/LLDPxBljWvwk5o4OOwJ7HoqFoOI6
Jh78ehOJam1cJug8U3wBWvf9VI2cZzxTAw5fUlM7YBwqR1ewiYsk2XrxQP7DTu76
F0fYsi/fK2y8LA84K+QAztxXvOb5GiS/t6ZZAUER/ZkyzFUJ6qf908gwgqZKWA8=
=dcGk
-----END PGP SIGNATURE-----


More information about the keycloak-dev mailing list