[keycloak-dev] Allow bearer-only clients to have service accounts

Pedro Igor psilva at redhat.com
Wed Jan 4 11:49:12 EST 2017


Yeah, it was there since day 0 if you look at the git history.
On 1/4/2017 12:23:42 PM, Stian Thorgersen <sthorger at redhat.com> wrote:


On 4 January 2017 at 14:56, Pedro Igor <psilva at redhat.com> wrote:

+1. Besides, there is a very clear if statement on the token endpoint that blocks any attempt from bearer-only clients to obtain tokens.

FYI that if statement was added before we did service accounts / client credential grants
On 1/4/2017 3:47:48 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
Currently a bearer-only client can't have a service account and that seems
like a mistake. Further, this prevents bearer-only clients from using the
authorization services.

Are there any good reasons why bearer-only clients can't have service
accounts and be able to obtain a token using the client credential grant?

The only thing a bearer-only client should be prevented from doing IMO is
authenticating users (authorization code flow and resource owner credential
grant).
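The distinction the thread draws, between grants that authenticate a user and the client credentials grant a service account uses, can be shown as a small grant-gating model. The following is an added example, not Keycloak code and not from anyone on this thread: it simulates a token endpoint with two gates, the blanket "bearer-only gets no tokens" check the thread says exists today, and the proposed rule that blocks bearer-only clients only from user-authenticating grants. Client records, secrets and error descriptions are constructed for the example; the `error` values follow RFC 6749 wording, not Keycloak's actual responses.

```python
"""Grant-type gating for OAuth2 clients: a simplified model, not Keycloak code."""
import hmac
from dataclasses import dataclass

# Grants that authenticate a *user* on behalf of the client.
USER_AUTH_GRANTS = {"authorization_code", "password"}
# Grants in which the client acts as itself (its service account).
SERVICE_GRANTS = {"client_credentials"}


@dataclass
class Client:
    client_id: str
    secret: str
    bearer_only: bool = False
    service_account_enabled: bool = False


def legacy_gate(client: Client, grant_type: str):
    """The blanket check described in the thread: bearer-only clients get no tokens at all.
    Returns None when allowed, otherwise a short reason string."""
    if client.bearer_only:
        return "bearer_only_not_allowed"
    if grant_type not in USER_AUTH_GRANTS | SERVICE_GRANTS:
        return "unsupported_grant_type"
    return None


def proposed_gate(client: Client, grant_type: str):
    """Proposed rule: bearer-only blocks only grants that authenticate users;
    client_credentials still requires the service account to be enabled."""
    if grant_type in USER_AUTH_GRANTS:
        return "bearer_only_not_allowed" if client.bearer_only else None
    if grant_type in SERVICE_GRANTS:
        return None if client.service_account_enabled else "service_account_disabled"
    return "unsupported_grant_type"


def token_endpoint(clients: dict, form: dict, gate=proposed_gate):
    """Simulated token endpoint. Authenticates the client first, then applies `gate`.
    Returns (http_status, json_body) in the shape of an RFC 6749 token response."""
    client = clients.get(form.get("client_id", ""))
    # Unknown client and wrong secret yield the same error; secret compare is constant-time.
    if client is None or not hmac.compare_digest(client.secret, form.get("client_secret", "")):
        return 401, {"error": "invalid_client"}
    reason = gate(client, form.get("grant_type", ""))
    if reason == "unsupported_grant_type":
        return 400, {"error": "unsupported_grant_type"}
    if reason is not None:
        return 400, {"error": "unauthorized_client", "error_description": reason}
    # Constructed placeholder token; a real server would mint a signed JWT here.
    return 200, {"access_token": f"token-for-{client.client_id}", "token_type": "Bearer"}


# Constructed client registry for the example (secrets are placeholders).
CLIENTS = {
    "api-backend": Client("api-backend", "s3cret-backend", bearer_only=True,
                          service_account_enabled=True),
    "legacy-api": Client("legacy-api", "s3cret-legacy", bearer_only=True,
                         service_account_enabled=False),
    "web-app": Client("web-app", "s3cret-web", bearer_only=False),
}


def demo():
    """Run the same client_credentials request through both gates."""
    req = {"client_id": "api-backend", "client_secret": "s3cret-backend",
           "grant_type": "client_credentials"}
    return {
        "legacy": token_endpoint(CLIENTS, req, gate=legacy_gate),
        "proposed": token_endpoint(CLIENTS, req, gate=proposed_gate),
    }


if __name__ == "__main__":
    for name, (status, body) in demo().items():
        print(f"{name}: {status} {body}")
```

Under `legacy_gate` the bearer-only `api-backend` is refused even for `client_credentials`; under `proposed_gate` it receives a token, while `password` and `authorization_code` requests for the same client are still rejected, and a bearer-only client whose service account is disabled stays blocked.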
