[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth

Bill Burke bburke at redhat.com
Fri Nov 21 11:55:14 EST 2014



On 11/21/2014 11:35 AM, Juraci Paixão Kröhling wrote:
> On 11/21/2014 05:09 PM, Bill Burke wrote:
>> I don't think we ever want to separate the token from the user
>> session.
>
> So, this means that all hosts using an offline refresh token created
> for the user "jdoe1" will have to be replaced if said employee is
> fired? This would be the advantage (and main purpose, IMO) of having
> service accounts.
>

Why does a "service account" have to be anything special?  Why can't it 
be a regular user?

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

