[keycloak-user] OAuth Tokens and IoT Devices

Federico Michele Facca federico.facca at martel-innovate.com
Wed Sep 19 08:20:00 EDT 2018


Hi Pedro :)
My understanding (but I may be wrong) is that in this way I will affect the
whole realm not just a client. Correct?

Cheers,
Federico

On 19 September 2018 at 14:12, Pedro Igor Silva <psilva at redhat.com> wrote:

> Or you can use long-lived tokens (e.g: 1 week, 1 month) and reduce the
> frequency your devices refresh tokens ...
>
> On Wed, Sep 19, 2018 at 7:14 AM Federico Michele Facca <
> federico.facca at martel-innovate.com> wrote:
>
>> Hi,
>> what is the current best solution in Keycloak to support a scenario where
>> devices needs to authenticate using OAuth against an API?
>>
>> At the time being, to simplify we use offline-refresh tokens and every
>> time, it the token is expired, generated out of that a new token.
>>
>> In term of performance the trick we use is to cache the access token and
>> refresh it when needed with a background process.
>> This process, unfortunately, for some tiny computational devices can be
>> quite demanding and slow down the most important
>> goal of sending data to the API at given intervarls.
>>
>> A better solution could be having a way to create never expiring access
>> tokens (or with a manually defined expired date), we understand
>> that may introduce security issues, but it would be only for specific
>> scenarios (and I doubt it will introduce more issues that the offline
>> token).
>>
>> Feelings? Suggestions?
>>
>> Cheers,
>> Federico
>>
>> --
>> *Dr. FEDERICO MICHELE FACCA*
>> *Head of Martel Lab*
>> 0041 78 807 58 38
>> *Martel Innovate* <https://www.martel-innovate.com/>  -  Professional
>> support for innovation projects
>> Click to download our innovators' insights!
>> <https://www.martel-innovate.com/premium-content/>
>> Follow Us on Twitter <https://twitter.com/Martel_Innovate>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>


-- 
*Dr. FEDERICO MICHELE FACCA*
*Head of Martel Lab*
0041 78 807 58 38
*Martel Innovate* <https://www.martel-innovate.com/>  -  Professional
support for innovation projects
Click to download our innovators' insights!
<https://www.martel-innovate.com/premium-content/>
Follow Us on Twitter <https://twitter.com/Martel_Innovate>


More information about the keycloak-user mailing list