[keycloak-user] API Tokens and Permissions (like GitHub Personal Tokens)

Scott Rossillo srossillo at smartling.com
Fri Apr 10 13:02:08 EDT 2015


Not quite. JWT and Keycloak's extensions make sense. The part I'm not sure
where best to manage is the API user. I'm assuming from your answer that
you'd envision each API user being a user in the Keycloak system, correct?
If so, I'm still not sure how to associate these with the main user account.

On Fri, Apr 10, 2015 at 12:41 PM, Bill Burke <bburke at redhat.com> wrote:

> Keycloak's access token format is an extension of JWT (JsonWebToken) in
> which we added role claims.  Hope that answers your question.
>
> On 4/10/2015 12:10 PM, Scott Rossillo wrote:
> > We have a system in place where a user is granted API access tokens for
> > a project. These tokens can also have permissions associated with them
> > (it could be as simple as read/write or read-only). In any case, if we
> > migrate to SSO with OIDC, I'm not sure how best to re-implement such a
> > solution.
> >
> > Should it even be a concern of the OIDC system? If so, is it something
> > that's being considered as a Keycloak feature? For example, GitHub
> > allows tokens to be generated and used in place of a password to access
> > their OAuth 2.0 API.
> >
> > Thanks,
> > Scott
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
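
Added example, not part of the thread and not Keycloak code: one way a resource server could enforce the read-only vs. read/write distinction discussed above from the role claims in a Keycloak-style access token. The client id `projects-api`, the role names `project-read` and `project-write`, the `mintToken` helper and the locally generated key pair are assumptions made for the illustration; `resource_access.<client>.roles` is the claim Keycloak uses for client roles.

```javascript
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64url = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Constructed stand-in for the realm key pair; a real resource server holds only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical helper: mint an RS256 token shaped like a Keycloak access token (constructed claims).
function mintToken(claims, key = privateKey) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), key);
  return `${head}.${body}.${b64url(sig)}`;
}

// Hypothetical client roles mapped to the HTTP methods they permit.
// A Map avoids prototype lookups when a token carries a role such as "constructor".
const ROLE_METHODS = new Map([
  ['project-read', ['GET', 'HEAD']],
  ['project-write', ['GET', 'HEAD', 'POST', 'PUT', 'DELETE']],
]);

function authorize(token, method, clientId, realmKey = publicKey, now = Date.now() / 1000) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(fromB64url(parts[0]));
    claims = JSON.parse(fromB64url(parts[1]));
  } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm; the token header must never choose it.
  if (!header || header.alg !== 'RS256') return { ok: false, reason: 'bad alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, realmKey, fromB64url(parts[2]))) {
    return { ok: false, reason: 'bad signature' };
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now) {
    return { ok: false, reason: 'expired' };
  }
  // Roles are read only after signature and expiry checks have passed.
  const roles = claims.resource_access?.[clientId]?.roles;
  const allowed = Array.isArray(roles) &&
    roles.some((r) => (ROLE_METHODS.get(r) || []).includes(method));
  return allowed ? { ok: true, sub: claims.sub } : { ok: false, reason: 'insufficient role' };
}
```

Issuer and audience checks are left out to keep the example short; a deployed resource server would also verify them against its realm and client.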