[keycloak-user] Generate offline token
Stian Thorgersen
sthorger at redhat.com
Thu Nov 5 06:38:51 EST 2015
On 3 November 2015 at 09:32, Thomas Raehalme <
thomas.raehalme at aitiofinland.com> wrote:
> On Tue, Nov 3, 2015 at 10:23 AM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> * Create service account for customers - they can then use this to obtain
>> a token (offline or standard refresh) using REST endpoints on Keycloak
>>
>
> Sorry to step in, but could you please explain the use case or the
> reasoning for offline tokens on service accounts? If I have understood it
> correctly you'll still need clientId and secret to generate the access
> token from the offline token. Why not just use them to login whenever
> necessary? Thanks!
>
I wouldn't use offline tokens myself, but if you want to provide customers
with a "token" rather than a service account it should be an offline token.
Problem is that it'll be rather big, not just a short "api key".
>
> Best regards,
> Thomas
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151105/4f2eecb2/attachment.html
More information about the keycloak-user
mailing list