[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth

Juraci Paixão Kröhling juraci at kroehling.de
Tue Nov 18 10:36:11 EST 2014


On 11/18/2014 04:21 PM, Bill Burke wrote:
> How is that any different than our access tokens?

To obtain an access token, I'd still need to talk with the Auth server
and then, based on the response (i.e., synchronously), send a request
with a bearer token to the service. This is not viable when the client
sends several (thousands of) requests to the service.

That is without mentioning the difficulties in parsing tokens via a shell
script.

- Juca.

