[keycloak-user] Keycloak - Token access for external customer server

Ka Lam Chan klchan.kalam at gmail.com
Wed Sep 13 22:37:10 EDT 2017


Hi all

I am new to Keycloak SSO, and have been trying to set up a POC for a simple
microservice environment:

user -> public client 1 -> service 1

user -> public client 2 -> service 1

Public clients 1 and 2 and service 1 are all Keycloak clients; service 1 is
bearer-only. They are all Spring Boot with keycloak-spring-boot-starter, and
all user info, attributes and roles/auth come from Keycloak; Spring uses
these roles/auth to perform @PreAuthorize and path access control.

Now I want to introduce a new path, public client 3, for non-browser API
access by my customers:

customer server -> public client 3 -> service 1

My questions:

- Should the customer server get a token from Keycloak with the
client_credentials grant, then access public client 3 with that token? I.e.
the customer server is a client on Keycloak.
- If no: is Keycloak the right technology to use here for granting tokens
for API access? What are the alternatives?
- If yes: I find Keycloak will create a temporary user called
'service-account-public client 3' with email 'service-account-public client
3 at placeholder.org'. This user is deleted after the session expires. As I
use the email address for Spring JPA audit, is there a way to change these
default attributes?

Regards
KL
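As an added illustration of the flow asked about above (example code, not part of the original post or of Keycloak): the client_credentials request a customer server would send, and how a bearer-only resource server could pick an audit identity from the resulting claims instead of the service account's placeholder email. It assumes a confidential client with a service account enabled, the pre-Quarkus `/auth/realms/...` token endpoint path, and Keycloak's default service-account mappers (`preferred_username` of the form `service-account-<clientId>` and a `clientId` claim); host, realm, client names and the token itself are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed placeholders; replace with the real Keycloak host and realm.
KEYCLOAK = "https://keycloak.example.invalid"
REALM = "poc"


def client_credentials_request(client_id: str, client_secret: str):
    """Return (url, form_body) for the client_credentials grant a customer
    server would POST to Keycloak's token endpoint. Nothing is sent here;
    the caller chooses the HTTP library."""
    url = f"{KEYCLOAK}/auth/realms/{REALM}/protocol/openid-connect/token"
    body = urlencode({"grant_type": "client_credentials",
                      "client_id": client_id,
                      "client_secret": client_secret})
    return url, body


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def payload_claims(jwt: str) -> dict:
    """Read the claims of a JWT whose signature the adapter has already
    verified (the Spring adapter does that); this helper verifies nothing."""
    return json.loads(_unb64url(jwt.split(".")[1]))


def audit_principal(claims: dict) -> str:
    """Audit identity: a human user is recorded by email, a service account
    (preferred_username 'service-account-<clientId>') by the calling client
    (azp), so the placeholder email never reaches the audit trail."""
    username = claims.get("preferred_username", "")
    if username.startswith("service-account-") or "clientId" in claims:
        return "client:" + claims.get("azp", username)
    return claims.get("email") or username


# Constructed, unsigned token shaped like one Keycloak issues to a service account.
SAMPLE_CLAIMS = {"preferred_username": "service-account-public-client-3",
                 "email": "service-account-public-client-3@placeholder.org",
                 "azp": "public-client-3", "clientId": "public-client-3",
                 "realm_access": {"roles": ["api-customer"]}}
SAMPLE_JWT = ".".join([_b64url(b'{"alg":"none"}'),
                       _b64url(json.dumps(SAMPLE_CLAIMS).encode()), ""])
```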

