[keycloak-user] Keycloak offline token

Marek Posolda mposolda at redhat.com
Mon Jul 3 15:18:54 EDT 2017 

Not sure you need offline token. Offline token is useful if you need to 
do something on behalf of user when this user is not online (eg. some 
background task). Here the user will be always online AFAIK?

Also the offline token is kind of refresh token, which is useful just 
for refreshing the access token. But offline token (or refresh token) 
itself is not intended to be used as bearer token from the 
authentication of one application to other.

I am not sure I understand your usecase, but maybe you can:
- Login into app A and then invoke the REST endpoint on app B with the 
access token used as bearer token
- Or secure app B with Keycloak too and authenticate with "prompt=none" 
parameter, which will mean that app B will be authenticated just if user 
is already authenticated in SSO session. Otherwise Keycloak login form 
won't be shown and app B will need to be authenticated some other way.

Marek

On 23/06/17 19:05, Sherminator Kasuga wrote:
> I have a web app (called A) that is using Keycloak to login in.
> There is another external web app (called B) that uses an own system as
> login.
>
> Now I need to create a link between A to B that automatic logins into web
> app B without keycloak login form (auto-login).
>
> How can i reproduce this behavior?
> I have user and a password for B , and i am thinking to use an offline
> token could help me with this objective.
>
> username=bburke&password=geheim&grant_type=password&scope=offline_access
>
> Saving into the database of A the offline token at the first time that
> i use the link and then using this offline token for the next.
>
> could it be possible?
>
>
> my idea is something like:
>
> If database.offlinetoken = empty
>      LINK_TO_GENERATE_OFFLINE_TOKEN  --- save this token into db after login in B
>
> else
>
>      LINK_USING_OFFLINETOKEN
> endif
>
>
> Do you have any example about how to build above links? Thanks in advance :)
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list