[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth
Bill Burke
bburke at redhat.com
Fri Nov 21 11:55:14 EST 2014
On 11/21/2014 11:35 AM, Juraci Paixão Kröhling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 11/21/2014 05:09 PM, Bill Burke wrote:
>> I don't think we ever want to separate the token from the user
>> session.
>
> So, this means that all hosts using an offline refresh token created
> for the user "jdoe1" will have to be replaced if said employee is
> fired? This would be the advantage (and main purpose, IMO) of having
> service accounts.
>
Why does a "service account" have to be anything special? Why can't it
be a regular user?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list