[keycloak-user] Stateless REST webservice registration

Stian Thorgersen sthorger at redhat.com
Fri Nov 4 01:20:55 EDT 2016


You don't always need to register a client for a REST service, but it
needs to be registered if:
* You invoke the token introspection endpoint
* You use authorization services
* You want to retrieve config for the adapter from Keycloak
* You want to assign client level roles to the service

But if all you want is to verify the token, you can skip registering in
the Keycloak server.

On 1 November 2016 at 09:57, Robert . <robert.discussions at gmail.com> wrote:

> I'm trying to expand my knowledge about Keycloak and OpenID Connect.
> Is it necessary for a stateless REST webservice to be registered as a
> client in Keycloak?
> The token sent to the REST service is signed, so the REST service could
> verify the authenticity and validity of the token if it has the public key
> of the Keycloak server.
>
> Why would there be any need for direct communication between the REST
> service and Keycloak?
>
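
Added example, not part of the thread and not Keycloak or adapter code: the offline check discussed above, where an unregistered REST service validates an RS256-signed token using only the issuer's public key. The key pair, the issuer URL and all function names are constructed for the demo; the RSA check is hand-written with the standard library only so that it runs offline, where a real service would use a maintained JWT library.

```python
import base64, hashlib, json, time

# Constructed demo key: two Mersenne primes, trivially factorable, demo use only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                  # public modulus; (N, E) is all the service needs
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, held only by the simulated issuer
ISSUER = "https://sso.example.test/auth/realms/demo"   # assumed realm URL
# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_em(message, k):
    # Expected padded block: 00 01 FF..FF 00 || DigestInfo(SHA-256(message))
    digest = PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(digest) - 3) + b"\x00" + digest

def issue_token(claims, alg="RS256"):
    """Stand-in for the issuer: sign header.payload with the demo private key."""
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    signing_input = head + "." + b64e(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    sig = pow(int.from_bytes(encode_em(signing_input.encode(), k), "big"), D, N)
    return signing_input + "." + b64e(sig.to_bytes(k, "big"))

def verify_token(token, n, e, issuer, now=None):
    """Offline check in the REST service: signature, issuer and expiry."""
    header, payload, signature = token.split(".")
    if json.loads(b64d(header)).get("alg") != "RS256":
        raise ValueError("unexpected alg")     # pin the algorithm, ignore the token's choice
    k = (n.bit_length() + 7) // 8
    sig = b64d(signature)
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        raise ValueError("malformed signature")
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if recovered != encode_em(f"{header}.{payload}".encode(), k):
        raise ValueError("bad signature")
    claims = json.loads(b64d(payload))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims
```

Nothing in `verify_token` contacts the issuer, which is why no client registration is involved; the cases in the list above (introspection, authorization services, adapter config, client-level roles) are the ones that need a registered client.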

