[keycloak-user] Custom Social Login, cache access_token, Enterprise Wechat

kkzxak47 kkzxak47 at gmail.com
Wed Jul 24 22:56:59 EDT 2019


Hi,
  I'm building an SSO service for my company (~1000 employees).
  After investigation I decided to adopt Keycloak as the core component.
  We are using Wechat Work as our IM tool (https://work.weixin.qq.com/),
and the employee DB is based on its Contacts. So it's natural to integrate
it as a social login into the Keycloak SSO service.
  In the process of implementing the 'WechatIdentityProvider' and
'WechatIdentityProviderFactory' classes I encountered some trouble.
  Just like Twitter / Google and other providers, some of Wechat Work's
OAuth2 flow is not aligned with standards. For example, the process of
retrieving the access_token is relatively independent of the rest of the
OAuth2 code flow; the access_token is valid for 7200 seconds, and its API
is limited to 2000 calls per day for a single client. We are forced to
cache a global access_token for each client. I noticed that Keycloak uses
Infinispan heavily. My question is: can I use it for caching the
access_token too? Is it safe to do so? What is your recommendation?
  And I'm working based on version 6.0.1 in standalone mode. Is that
appropriate?

  My main programming language is not Java, by the way. I learned it ~10
years ago and Spring is new to me. So I'm still learning. It would be of
great help if you could give relevant documentation links or code snippets,
thanks!


Victor
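
Added example (not part of the original message, and not Keycloak or Wechat Work code): a minimal in-process cache for the per-client access_token described above, which refreshes shortly before the 7200-second expiry so the token endpoint is called about once per window instead of once per login. The class name, the `Fetched` shape and the fetcher function are hypothetical; it assumes a single JVM (standalone mode) and Java 16+ for records.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

/** Added example: one cached access_token per client id, held in memory only. */
public final class ClientTokenCache {
    /** Cached token and the instant after which it must be refreshed. */
    public record Entry(String token, Instant notAfter) {}

    /** One response from the token endpoint (hypothetical shape). */
    public record Fetched(String token, long expiresInSeconds) {}

    // Refresh 5 minutes early so a token never expires mid-request.
    private static final Duration SKEW = Duration.ofSeconds(300);
    private final ConcurrentHashMap<String, Entry> entries = new ConcurrentHashMap<>();
    private final Function<String, Fetched> fetcher; // clientId -> fresh token
    private final Clock clock;

    public ClientTokenCache(Function<String, Fetched> fetcher, Clock clock) {
        this.fetcher = fetcher;
        this.clock = clock;
    }

    /** Returns a usable token; the endpoint is hit only when the entry is stale. */
    public String get(String clientId) {
        return entries.compute(clientId, (id, cur) -> {
            Instant now = clock.instant();
            if (cur != null && now.isBefore(cur.notAfter())) {
                return cur; // fresh: nothing counted against the daily quota
            }
            // compute() is atomic per key, so concurrent logins trigger one
            // refresh. Caveat: the network call runs while the key is locked.
            Fetched f = fetcher.apply(id);
            return new Entry(f.token(), now.plusSeconds(f.expiresInSeconds()).minus(SKEW));
        }).token();
    }

    /** Drop a token the API rejected so the next get() fetches a new one. */
    public void invalidate(String clientId) {
        entries.remove(clientId);
    }

    public static void main(String[] args) {
        int[] calls = {0}; // counts simulated endpoint calls
        ClientTokenCache cache = new ClientTokenCache(
            id -> new Fetched("constructed-token-" + (++calls[0]), 7200), Clock.systemUTC());
        for (int i = 0; i < 1000; i++) cache.get("constructed-client-id");
        System.out.println("endpoint calls for 1000 lookups: " + calls[0]);
    }
}
```

The token is a bearer credential for the whole client, so it is kept out of logs and exception messages here; with more than one node, each node would fetch its own token unless the cache is shared.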

