[keycloak-user] Questions about keycloak
Ruben Lopez
rubenlop88 at gmail.com
Thu Nov 27 11:37:45 EST 2014
Hi Marek,
2014-11-27 12:38 GMT-03:00 Marek Posolda <mposolda at redhat.com>:
>
> 1 - Is there any way to obtain an access token for an OAuth Client via
> Client Credentials[1]?
>
> You mean something like Service account like this from OAuth2 specs
> http://tools.ietf.org/html/rfc6749#page-40 ? We don't have that yet, but
> there are plans to support it afaik.
>
>
> Yes, I was talking about secction 4.4 Client Credentials Grant. Any idea
about when it will be implemented?
> 2 - If we make a request to an Application (Resource Server) with an
> access token and this Application needs to talk to another protected
> Application to form the response to the client, how does the first
> Application authenticates to the second Application? Does Keycloak
> implements something like Chain Grant Type Profile[2]?
>
> yes, that is doable. We have an example where we have frontend application
> like 'customer-portal', which is able to retrieve accessToken from keycloak
> like here:
> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48
> and then use this accessToken to send request to backend application
> 'database-service' in Authorization header
> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L54
> . Database-service is then able to authenticate the token.
>
> Currently our database-service is directly serving requests and send back
> data, but it shouldn't be a problem to add another application to the
> chain, so that database-service will send the token again to another app
> like 'real-database-service', which will return data and those data will be
> sent back to the original frontent requestor (customer-portal). Is it
> something what you meant?
>
Thats exactly what I meant. I will take a look at the example.
Thank you very much.
> Marek
>
>
> Thanks in advance.
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141127/5c731536/attachment.html
More information about the keycloak-user
mailing list