[keycloak-user] Best Practices in Production environment

Rakesh Alladi rakesh.alladi at salesfusion.com
Tue Jul 17 15:18:01 EDT 2018


Hi All,

In terms of securing the REST API, can someone please shed some light on what
are the OIDC/OAuth flow considerations one should consider that are at par
with best practices to be implemented in a production environment:

1. How should a REST service be secured and configured in Keycloak? Should
we use Access Type as "bearer-only" or "Confidential"?
2. How should an internal REST client be configured? Should we use "Offline
Access" or "Client Credentials"?
3. How should an external REST client be configured? Should we use "Client
Credentials"?

Any help on the above is much appreciated.

Thanks
Rakesh
