[keycloak-user] Securing 3rd party APIs

Bruno Oliveira bruno at abstractj.org
Tue May 17 10:38:54 EDT 2016


Hi Pavel, isn't something like this http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#d4e1006
enough?

On 2016-05-17, Pavel Maslov wrote:
> Hi all,
>
>
> Suppose we have a 3rd party REST API, which is not secured. How could we
> integrate OAuth2.0 authentication using Keycloak? My first guess is to
> create a mediation service (written in Java), which will use the Keycloak
> Java adapter and will authenticate users based off the security_token
> (passed to the mediation service with each request), and forward all
> requests (including headers) to the 3rd party REST API (unsecured).
>
> Does it make any sense? If so, has anyone written something similar?
>
> Thanks.
>
> Regards,
> Pavel Maslov, MS

> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


--

abstractj
PGP: 0x84DC9914


More information about the keycloak-user mailing list