[keycloak-user] Backend to Backend Call

Morse, Alexander (US - Newton) amorse at deloitte.com
Mon Oct 31 17:10:58 EDT 2016


Hi,

Want to know the recommended approach for having asynchronous backend services that are secured through bearer tokens call each other. We have an interactive web application that calls a backend service. The JavaScript adapter places the access token in the Authorization header. This backend services starts an asynchronous job that then calls another backend service, passing along the same Access Token. The problem arises when the access token has expired while the first job was processing. Seems like one relatively straight forward approach would be to have the front end pass a refresh token to the backend, which it can use to obtain a new access token. Are there better approaches? The adapters do not seem to natively support this.

Thanks,
Alex




This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and any disclosure, copying, or distribution of this message, or the taking of any action based on it, by you is strictly prohibited.

v.E.1









More information about the keycloak-user mailing list