[keycloak-user] API Tokens and Permissions (like GitHub Personal Tokens)
Scott Rossillo
srossillo at smartling.com
Fri Apr 10 12:10:12 EDT 2015
We have a system in place where a user is granted API access tokens for a
project. These tokens can also have permissions associated with them (it
could be as simple as read/write or read-only). In any case, if we migrate
to SSO with OIDC, I'm not sure how best to re-implement such a solution.
Should it even be a concern of the OIDC system? If so, is it something
that's being considered as a Keycloak feature? For example, GitHub allows
tokens to be generated and used in place of a password to access their
OAuth 2.0 API.
Thanks,
Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150410/e4e8ee8b/attachment.html
More information about the keycloak-user
mailing list