[keycloak-user] OAuth Tokens and IoT Devices

Pedro Igor Silva psilva at redhat.com
Wed Sep 19 08:12:35 EDT 2018


Or you can use long-lived tokens (e.g., 1 week, 1 month) and reduce the
frequency with which your devices refresh tokens ...

On Wed, Sep 19, 2018 at 7:14 AM Federico Michele Facca <
federico.facca at martel-innovate.com> wrote:

> Hi,
> what is the current best solution in Keycloak to support a scenario where
> devices need to authenticate using OAuth against an API?
>
> For the time being, to simplify, we use offline-refresh tokens and every
> time, if the token is expired, generate a new token out of that.
>
> In terms of performance, the trick we use is to cache the access token and
> refresh it when needed with a background process.
> This process, unfortunately, for some tiny computational devices can be
> quite demanding and slow down the most important
> goal of sending data to the API at given intervals.
>
> A better solution could be having a way to create never-expiring access
> tokens (or with a manually defined expiration date). We understand
> that may introduce security issues, but it would be only for specific
> scenarios (and I doubt it will introduce more issues than the offline
> token).
>
> Feelings? Suggestions?
>
> Cheers,
> Federico
>
> --
> *Dr. FEDERICO MICHELE FACCA*
> *Head of Martel Lab*
>
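
Added example (not part of the original thread, and not Keycloak project code): a device-side cache that reads the access token's exp claim and calls the token endpoint with grant_type=refresh_token only when expiry is near, plus an offline simulation of how the access-token lifespan changes the number of refreshes per day. The 5-minute lifespan, 60-second skew and send interval, and all function names are assumptions; the sample tokens are constructed and unsigned.

```python
import base64, json, time, urllib.parse, urllib.request

def jwt_exp(token):
    """Read exp from the JWT payload. No signature check: used only to schedule refreshes."""
    part = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))["exp"]

def keycloak_refresh(token_url, client_id, offline_token):
    """Exchange the offline (refresh) token for a new access token at the token endpoint."""
    form = urllib.parse.urlencode({"grant_type": "refresh_token",
                                   "client_id": client_id,
                                   "refresh_token": offline_token}).encode()
    with urllib.request.urlopen(token_url, data=form, timeout=10) as resp:
        return json.load(resp)["access_token"]

class TokenCache:
    """Keep one access token and call fetch() only when it is about to expire."""
    def __init__(self, fetch, skew=60, clock=time.time):
        self.fetch, self.skew, self.clock = fetch, skew, clock
        self.token, self.exp, self.refreshes = None, 0, 0

    def get(self):
        if self.token is None or self.clock() >= self.exp - self.skew:
            self.token = self.fetch()
            self.exp = jwt_exp(self.token)
            self.refreshes += 1
        return self.token

def constructed_jwt(exp):
    """Constructed, unsigned sample token for the offline simulation below."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp})}.sig"

def simulate(lifespan, interval, duration):
    """Token-endpoint calls made by a device sending every `interval` s for `duration` s."""
    now = [0]
    cache = TokenCache(lambda: constructed_jwt(now[0] + lifespan), clock=lambda: now[0])
    for t in range(0, duration, interval):
        now[0] = t
        cache.get()
    return cache.refreshes

if __name__ == "__main__":
    print("5-minute token:", simulate(300, 60, 86400), "refreshes/day")
    print("1-week token:  ", simulate(7 * 86400, 60, 86400), "refreshes/day")
```

On a real device, pass `lambda: keycloak_refresh(url, client_id, offline_token)` as `fetch`. The lifespan is the trade-off: an API that validates tokens offline will accept a leaked access token until its exp.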

