[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth

Bill Burke bburke at redhat.com
Wed Nov 19 10:01:36 EST 2014

On 11/19/2014 8:30 AM, Juraci Paixão Kröhling wrote:
> Hash: SHA512
> On 11/19/2014 01:01 PM, Stian Thorgersen wrote:
>> One exception though is that in this case you probably want an
>> offline token, which is something we don't support yet. Basically
>> an offline token would be a token that's not associated with a
>> specific user session, which would have a longer (possibly
>> unlimited) lifetime. The user would also need to be able to view
>> and revoke these tokens through the account management.
> That's exactly what I mean :-) Is there a plan for this feature
> already? If not, and if it's a desirable feature to have, I might be
> able to scratch a possible solution for it.

You guys are basically describing certificate auth.


Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-user mailing list