[keycloak-user] Sharing users

Nils Preusker n.preusker at gmail.com
Tue Apr 15 10:41:02 EDT 2014


By management REST API you mean the API the admin console uses?

Just to make sure I understand your suggestion correctly:

* I would use the management REST API (same API the admin console uses)
from my backend application
* my backend application would need a user ("application user") within the
keycloak-admin realm
* when accessing the management REST API, I would add an "Authorization:
Bearer ..." header with the token I can obtain from
.../auth/rest/realms/MY-REALM/tokens/grants/access

Cheers,
Nils



On Tue, Apr 15, 2014 at 3:10 PM, Bill Burke <bburke at redhat.com> wrote:

> IMO, you should not use the model directly in your applications.  The
> management REST API gives you full access to security metadata.  Use
> that.  Plus, in the very near future (after beta-1 release) we'll be
> implementing a cache and if you are modifying data directly, there will
> be possibilities of this cache using stale data.
>
> On 4/15/2014 4:30 AM, Stian Thorgersen wrote:
> > At some point we'll add Java and REST APIs for user management. This
> > will also include being able to register listeners for user events (for
> > example user created, user deleted, etc).
> >
> > In the meantime I don't see any issues with using keycloak-model-jpa
> > directly, especially not for read only. This API will quite likely change
> > between versions, and we won't support any backwards compatibility. The
> > "official" user management API once it's ready will be more stable, but I'm
> > not sure when we'll have time to implement that.
> >
> > ----- Original Message -----
> >> From: "Nils Preusker" <n.preusker at gmail.com>
> >> To: keycloak-user at lists.jboss.org
> >> Sent: Tuesday, 15 April, 2014 9:22:44 AM
> >> Subject: [keycloak-user] Sharing users
> >>
> >> Hi, I have a question regarding user management and sharing access to the
> >> keycloak database between applications.
> >>
> >> While the keycloak admin console can be used to manage users, other
> >> applications may also need to access the user database. Is there a
> >> recommended way of accomplishing this?
> >>
> >> I've been experimenting with adding keycloak-model-jpa to my .war as a
> >> dependency and looking at the bootstrapping in
> >> org.keycloak.services.resources.KeycloakApplication. However, I wasn't able
> >> to get it to work yet and have the feeling that I might be going the wrong
> >> way here.
> >>
> >> Any hints?
> >>
> >> Cheers,
> >> Nils
> >>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com