[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth

Juraci Paixão Kröhling juraci at kroehling.de
Wed Nov 19 08:30:02 EST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 11/19/2014 01:01 PM, Stian Thorgersen wrote:
> One exception though is that in this case you probably want an
> offline token, which is something we don't support yet. Basically
> an offline token would be a token that's not associated with a
> specific user session, which would have a longer (possibly
> unlimited) lifetime. The user would also need to be able to view
> and revoke these tokens through the account management.

That's exactly what I mean :-) Is there a plan for this feature
already? If not, and if it's a desirable feature to have, I might be
able to scratch a possible solution for it.

- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCgAGBQJUbJtaAAoJEDnJtskdmzLMV08H/1JDyGtjdvfjuLzW1d2jblUh
1jhYMUwqoTLNm1nl3mQz6NQM5VZDffbWs3Q3e20fQu2CPuj04twaN7vOLtEJgUAL
P1qzYi5w3IwP19nQbqBbkD9Kr9FihV1tYYttWMr2ZvnC+2IncPJaRJXMEN1KTy+E
STz5SGvSnkaLPPql6cZutSwxJ/BCKVyP4bubZYQu87ZMzOOTvPgDFACKVvVINCQx
DFBYXPCRlnMBrBVCIR1AQ9VapQ94rgjxhVuz/UkHUSYovzeENdXIUdz3HfC7nPck
cbyj7R5FslCm4LszhMIh4Ir9f5MapgyVuI+NSwLeaUS8YY+MWfeOUbk4SWyU4rw=
=Qdrd
-----END PGP SIGNATURE-----


More information about the keycloak-user mailing list