[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth

Stian Thorgersen stian at redhat.com
Wed Nov 19 03:33:42 EST 2014


----- Original Message -----
> From: "Juraci Paixão Kröhling" <juraci at kroehling.de>
> To: keycloak-user at lists.jboss.org
> Sent: Tuesday, November 18, 2014 4:36:11 PM
> Subject: Re: [keycloak-user] Recommendations for protecting REST service with bearer token and basic auth
> 
> On 11/18/2014 04:21 PM, Bill Burke wrote:
> > How is that any different than our access tokens?
> 
> To obtain an access token, I'd still need to talk with the Auth server
> and then, based on the response (i.e., synchronously), send a request
> with a bearer token to the service. This is not viable when the client
> sends several (thousands of) requests to the service.

Why does the shell script have to talk to the auth server for every request? It should cache the token, not the user's credentials.

> 
> That without mentioning the difficulties in parsing tokens via a shell
> script.

Why does the shell script have to parse the token? Does it not just pass it on to the REST services it invokes?

> 
> - Juca.
> 
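
The approach suggested in the reply above (cache the token for the run and pass it on unparsed), sketched as an added example that is not part of the original thread. `request_token` is a hypothetical stand-in that returns a constructed OAuth 2.0 token response, and `SERVICE_URL` is a placeholder.

```bash
#!/usr/bin/env bash
# Added example: cache the access token for the run, never the user's credentials.
CACHE_DIR=$(mktemp -d)                 # private 0700 directory for this run
CACHE_FILE="$CACHE_DIR/token"
FETCH_LOG="$CACHE_DIR/fetches"         # one line per round trip to the auth server
SKEW=30                                # renew this many seconds before expiry
trap 'rm -rf "$CACHE_DIR"' EXIT        # the token does not outlive the script

# Hypothetical stand-in for the POST to the auth server's token endpoint.
# Prints a constructed OAuth 2.0 token response; swap in the real call.
request_token() {
  echo fetch >> "$FETCH_LOG"
  printf '{"access_token":"constructed.sample.token","expires_in":300}\n'
}

# Extract one field from the flat JSON response. The token value is opaque.
json_field() {
  printf '%s' "$1" | sed -n "s/.*\"$2\":\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# Print a valid token, contacting the auth server only when the cache is stale.
get_token() {
  local now expires token resp ttl
  now=$(date +%s)
  if [ -r "$CACHE_FILE" ]; then
    { read -r expires; read -r token; } < "$CACHE_FILE"
    if [ "${expires:-0}" -gt $((now + SKEW)) ]; then
      printf '%s\n' "$token"
      return 0
    fi
  fi
  resp=$(request_token) || return 1
  token=$(json_field "$resp" access_token)
  ttl=$(json_field "$resp" expires_in)
  [ -n "$token" ] && [ -n "$ttl" ] || return 1
  ( umask 077; printf '%s\n%s\n' $((now + ttl)) "$token" > "$CACHE_FILE" )
  printf '%s\n' "$token"
}

# Header to pass on each request, e.g. curl -H "$(auth_header)" "$SERVICE_URL"
auth_header() { printf 'Authorization: Bearer %s' "$(get_token)"; }

# Number of times the auth server was contacted so far.
fetch_count() {
  [ -f "$FETCH_LOG" ] || { echo 0; return; }
  wc -l < "$FETCH_LOG" | tr -d ' '
}
```

The expiry comes from the `expires_in` field of the token response, so the script never decodes the token itself.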
