Reputation: 361
I have a secured architecture with Keycloak (see Securing thorntail service with KEYCLOAK for schema). It works well. But now, I can't figure out how to make service A get some info from secured Service B, alone.
If the flow is FrontEnd (authenticated, so has a token) / service A / secured Service B, then OK, A accesses B. But, for example, the first time in the morning (@startup), service A needs to get some info from service B, with no token to forward... how to do it?
Upvotes: 8
Views: 6614
Reputation: 1192
Client Credentials Flow is what you need. https://www.keycloak.org/docs/latest/securing_apps/#client-credentials
curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d 'grant_type=client_credentials&client_id=${client_id}&client_secret=${client_secret}' \
"http://localhost:8080/auth/realms/${realm_name}/protocol/openid-connect/token"
This is from the Keycloak documentation (https://www.keycloak.org/docs/latest/authorization_services/#_service_protection_whatis_obtain_pat).
Check also this: https://auth0.com/docs/flows/concepts/client-credentials
Upvotes: 9
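The token request from the answer above, as service A could make it at startup and reuse it for later calls to service B. This is an added example, not code from the answer or from Keycloak. The names `ServiceToken` and `post_form`, the 30-second renewal margin, the `demo` realm and the `service-a` client are assumptions for illustration.

```python
import json
import time
import urllib.parse
import urllib.request


def post_form(url, fields):
    """POST an urlencoded form and return the parsed JSON reply."""
    body = urllib.parse.urlencode(fields).encode()  # escapes '&' or '=' inside the secret
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:  # raises HTTPError on 4xx/5xx
        return json.load(resp)


class ServiceToken:
    """Caches service A's own access token and renews it shortly before expiry."""

    def __init__(self, token_url, client_id, client_secret,
                 post=post_form, clock=time.monotonic, skew=30):
        self._url = token_url
        self._fields = {"grant_type": "client_credentials",
                        "client_id": client_id,
                        "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._post(self._url, self._fields)
            if "access_token" not in reply:
                raise RuntimeError("token endpoint returned no access_token")
            self._token = reply["access_token"]
            # Renew `skew` seconds early so service B never receives an expired token.
            lifetime = max(int(reply.get("expires_in", 0)) - self._skew, 0)
            self._expires_at = self._clock() + lifetime
        return self._token

    def headers(self):
        """Headers for service A's outgoing call to service B."""
        return {"Authorization": "Bearer " + self.get()}


if __name__ == "__main__":
    # Constructed reply standing in for Keycloak, so the demo runs offline.
    fake = lambda url, fields: {"access_token": "constructed-token", "expires_in": 300}
    url = "http://localhost:8080/auth/realms/demo/protocol/openid-connect/token"
    print(ServiceToken(url, "service-a", "constructed-secret", post=fake).headers())
```

Load the client secret from the service's secret store or environment rather than source code, and keep both it and the returned token out of logs.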