unconventionaldotdev / flask-multipass-keycloak

Flask-Multipass provider for Keycloak
https://pypi.org/project/flask-multipass-keycloak
MIT License

use `client_credentials` grant type #1

Open belfhi opened 1 month ago

belfhi commented 1 month ago

If "service accounts roles" is activated in the Keycloak OIDC client settings, and the appropriate roles are added to be able to query-users and query-groups, one can use `grant_type=client_credentials` in the request and does not need to add an extra user with the realm roles.


This would simplify configuration since only client_id and client_secret need to be supplied. More documentation on how the client needs to be set up should be added, though.
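An added example, not part of the original issue or the project's code: it builds the `client_credentials` token request for a Keycloak client and audits the returned access token so the service account carries only the two roles mentioned above. The host, realm, client id `indico`, the secret, and the assumption that the roles appear as `realm-management` client roles in the token's `resource_access` claim are illustrative assumptions; the sample token is constructed and unsigned.

```python
import base64
import json
import urllib.parse
import urllib.request

REQUIRED = {"query-users", "query-groups"}  # roles named in the issue


def token_request(base_url, realm, client_id, client_secret):
    """Build (not send) the token request; old servers need '/auth' in base_url."""
    url = f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})


def claims(access_token):
    """Decode the JWT payload for inspection only; no signature check here."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(access_token, role_client="realm-management"):
    """Return (missing, extra) roles relative to REQUIRED (least privilege)."""
    granted = set(claims(access_token).get("resource_access", {})
                  .get(role_client, {}).get("roles", []))
    return sorted(REQUIRED - granted), sorted(granted - REQUIRED)


def constructed_token(roles):
    """Constructed, unsigned sample token standing in for a Keycloak response."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    body = {"preferred_username": "service-account-indico",
            "resource_access": {"realm-management": {"roles": roles}}}
    return f"{enc({'alg': 'none'})}.{enc(body)}.sig"


if __name__ == "__main__":
    req = token_request("https://keycloak.example.org", "myrealm", "indico", "s3cret")
    print(req.full_url, req.data)
    print(audit_roles(constructed_token(["query-users", "query-groups"])))
    print(audit_roles(constructed_token(["query-users", "manage-users"])))
```

A non-empty "extra" list means the service account can do more than look up users and groups, which is worth trimming before the client secret is deployed.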

tomako commented 1 month ago

Thank you @belfhi, I will test this and update the documentation soon.