[keycloak-user] Securing 3rd party APIs

Pavel Maslov pavel.masloff at gmail.com
Tue May 17 08:26:09 EDT 2016


Hi all,


Suppose we have a 3rd party REST API, which is not secured. How could we
integrate OAuth2.0 authentication using Keycloak? My first guess is to
create a mediation service (written in Java), which will use the Keycloak
Java adapter and will authenticate users based off the security_token
(passed to the mediation service with each request), and forward all
requests (including headers) to the 3rd party REST API (unsecured).

Does it make any sense? If so, has anyone written something similar?

Thanks.

Regards,
Pavel Maslov, MS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160517/43c4b7a0/attachment.html 


More information about the keycloak-user mailing list