[keycloak-user] How to get an access code via rest service

Stian Thorgersen stian at redhat.com
Mon Dec 15 05:08:54 EST 2014


That's an interesting use-case. There's no rest endpoints to retrieve access codes, only authorization tokens which you don't really want to send as a URL query parameter.

For a SSO solution between your fat client and the web apps the solutions I can think of are:

* Use browser to login fat client - we have cli examples that do this
* Use Kerberos - this is more complicated and we only plan to add support to authenticate via Kerberos tickets, not to issue tickets ourselves

We have discussed the idea of adding an identity token to direct grant api. The idea was that a cli (or fat client) could use the direct grant to obtain an identity token (token for a sso session), which could be stored somewhere on the local file-system. This token could then be used by other apps to retrieve authorization tokens without having to provide user credentials. Maybe this idea could somehow be used by web apps as well, by passing something in the url param.

----- Original Message -----
> From: "Michael Gerber" <gerbermichi at me.com>
> To: keycloak-user at lists.jboss.org
> Sent: Tuesday, 9 December, 2014 4:56:05 PM
> Subject: [keycloak-user] How to get an access code via rest service
> 
> Hi,
> 
> I've got a fat client and a web application.
> My client wants to get an access code to open a new browser with these access
> code as URL parameter, so the users are directly logged in without
> reentering their credentials.
> 
> Thank you for your help!
> 
> kind regards
> Michael
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list