[keycloak-dev] Using provided AccessToken in Keycloak client

Thomas Darimont thomas.darimont at googlemail.com
Mon Aug 8 03:58:14 EDT 2016


Hello group,

I have the following scenario:
1) An SSO authenticated User1 calls Service1 (confidential client).
2) Service1 extracts access token.
3) Service1 performs a remote call to Service2 passing the access token along.
4) Service2 needs to do something in the name of User1 in Keycloak (e.g. set a user attribute, or create a new user)
5) Service2 uses org.keycloak.admin.client.Keycloak to communicate with Keycloak to perform the requested operation.

I want to be able to propagate the access token in service-to-service calls
and use the 'org.keycloak.admin.client.Keycloak' client with the provided
access token to perform an operation in Keycloak.

Currently 'org.keycloak.admin.client.Keycloak' only supports client
credentials and / or password, which it uses to get a refresh token to
renew a potentially timed out access token.

As a PoC I slightly adjusted the Keycloak client to allow for externally
provided access tokens:
https://gist.github.com/thomasdarimont/d82c4478df997556a9d16afb79787459

I think the Keycloak Client should also support "call once" scenarios with
a provided access token out of the box.

Shall I create a JIRA for this?

Cheers,
Thomas
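
Added example, not from the original post or the linked gist: in a "call once" setup Service2 holds only the propagated access token and has no refresh token, so it can check the token's remaining lifetime before sending the single bearer-authenticated request. The class name, host, realm and sample token are assumptions constructed for illustration; the sketch uses the JDK's java.net.http (Java 11+) instead of the Keycloak admin client.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CallOnceToken {
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");

    // Reads "exp" from the JWT payload. No signature check here: Keycloak
    // validates the token itself; this only avoids sending a dead token.
    static long expiry(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a JWT");
        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        Matcher m = EXP.matcher(payload);
        if (!m.find()) throw new IllegalArgumentException("no exp claim");
        return Long.parseLong(m.group(1));
    }

    // Builds one request carrying the caller's token. With no refresh token
    // available, an expired or nearly expired token is rejected before the call.
    static HttpRequest adminRequest(String adminUrl, String jwt, Instant now, long minSecondsLeft) {
        if (expiry(jwt) - now.getEpochSecond() < minSecondsLeft)
            throw new IllegalStateException("access token expired or about to expire");
        return HttpRequest.newBuilder(URI.create(adminUrl))
                .header("Authorization", "Bearer " + jwt)
                .GET().build();
    }

    public static void main(String[] args) {
        // Constructed sample token with a placeholder signature, exp = 1470643200.
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String jwt = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + enc.encodeToString("{\"sub\":\"user1\",\"exp\":1470643200}".getBytes(StandardCharsets.UTF_8))
                + ".sig";
        String url = "https://keycloak.example.test/auth/admin/realms/demo/users"; // hypothetical host and realm
        Instant twoMinutesBefore = Instant.ofEpochSecond(1470643200L - 120);
        HttpRequest ok = adminRequest(url, jwt, twoMinutesBefore, 30);
        System.out.println("bearer header set: " + ok.headers().firstValue("Authorization").isPresent());
        try {
            adminRequest(url, jwt, Instant.ofEpochSecond(1470643200L), 30);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```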