[keycloak-user] OAuth Tokens and IoT Devices

Federico Michele Facca federico.facca at martel-innovate.com
Wed Sep 19 06:02:04 EDT 2018


Hi,
what is the current best solution in Keycloak to support a scenario where
devices need to authenticate using OAuth against an API?

For the time being, to simplify, we use offline refresh tokens and, every
time the token is expired, generate a new token out of that.

In terms of performance, the trick we use is to cache the access token and
refresh it when needed with a background process.
This process, unfortunately, for some tiny computational devices can be
quite demanding and can slow down the most important goal of sending data
to the API at given intervals.

A better solution could be having a way to create never-expiring access
tokens (or with a manually defined expiry date). We understand
that this may introduce security issues, but it would be only for specific
scenarios (and I doubt it will introduce more issues than the offline
token).

Feelings? Suggestions?

Cheers,
Federico

-- 
*Dr. FEDERICO MICHELE FACCA*
*Head of Martel Lab*
0041 78 807 58 38
*Martel Innovate* <https://www.martel-innovate.com/>  -  Professional
support for innovation projects
Click to download our innovators' insights!
<https://www.martel-innovate.com/premium-content/>
Follow Us on Twitter <https://twitter.com/Martel_Innovate>
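
The caching approach described in the message above, as an added example that is not part of the original post or of Keycloak's code: the access token is reused until shortly before `expires_in` elapses and only then exchanged through the standard OAuth `refresh_token` grant, here on demand at send time rather than in a background process. The token URL passed in, the public client without a secret, and the names `keycloak_refresh` and `CachedToken` are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request


def keycloak_refresh(token_url, client_id, offline_token):
    """POST the refresh_token grant to the realm's OpenID Connect token endpoint.

    token_url is supplied by the caller (assumed to be the realm's
    .../protocol/openid-connect/token endpoint); a public client is assumed.
    """
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": offline_token,
    }).encode()
    req = urllib.request.Request(token_url, data=body)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class CachedToken:
    """Cache the access token; use the offline token only near expiry."""

    def __init__(self, refresh, offline_token, skew=30, clock=time.monotonic):
        self._refresh = refresh        # callable(offline_token) -> response dict
        self._offline = offline_token
        self._skew = skew              # refresh this many seconds before expiry
        self._clock = clock            # injectable so the logic is testable
        self._access = None
        self._expires_at = 0.0
        self.refresh_count = 0         # how many round trips were actually made

    def get(self):
        now = self._clock()
        if self._access is None or now >= self._expires_at - self._skew:
            resp = self._refresh(self._offline)
            self._access = resp["access_token"]
            self._expires_at = now + resp["expires_in"]
            # The response may carry a new refresh token (for example when
            # rotation is enabled); always keep the newest one.
            self._offline = resp.get("refresh_token", self._offline)
            self.refresh_count += 1
        return self._access
```

On a device, `refresh` would be a small wrapper such as `lambda t: keycloak_refresh(url, client_id, t)`, and `get()` is called right before each upload, so the token endpoint is contacted once per access-token lifetime.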

