[keycloak-user] Create access to secured data for user

Stian Thorgersen sthorger at redhat.com
Mon Jan 2 07:36:16 EST 2017


It's not really something that we support well. I'd probably just generate
tokens in the app directly as this is not really a use-case an IdP solves.
An SSO server like Keycloak assumes there's a user that authenticates. You
could potentially use a service account to create some limited access
tokens and include the access token directly in the link. The link would
only be valid for a few minutes though. We have considered adding an option
where you can generate tokens with a longer expiration than the realm
default, but that's not something we're planning on doing immediately and
it also has to be done carefully considering the potential security
implications of it.

On 30 December 2016 at 11:13, <adam.michalski at aol.com> wrote:

> Hi.
> My name is Adam and I am new to keycloak.
>
> I want to create link/access point where user does'n input his password or
> send his secret in angular 2 application + rest client secured by keycloak.
> This access is for specified part of data but temporary not single access.
>
> What possibilities keycloak gives to resolve this feature?
>
> I think about generating token in other application on server and send it
> to user by email. This way I can use client secret.
> How to generate valid token accepted in keycloak without connection with
> it? But is this good approach? If it is what can I use to create this in
> best way?
>
>
> Can send request to keycloak for this kind of token for specified client
> for user requested?
>
>
>
> Adam Michalski
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list