'Using service account to read and update data in keycloak best practice

Inherited code from a team mate around keycloak IAM. My gut tells me we are not using it properly. From looking at the code, for any kind of operations, e.g. getting a user's details, they make use of the keycloak service account. They will 'log into' the service account using keycloak's REST APIs (username and password stored in our backend auth service's .env file). Once they have the bearer key, they will use that to make multiple requests like getting the user's details, resetting a password, etc.

Is this best practice? I would have imagined rather than having a service account, keycloak would have the idea of authorised applications/identities and we would instead have some kind of key/token which is handed out to each application which wants to talk to keycloak directly.

Thanks

keycloakkeycloak-rest-api


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Deploying a Keycloak HA cluster to kubernetes | Pods are not discovering each other

What is the best approach to logout from keycloak after authentication via pkce?

Change the preferred_username in token for client credential grant flow

Keycloak-js 'init()' not executing in React app

Keycloak Rest API get all available resources

Customize keycloak error page with spring boot

AWS Cognito in place of Keycloak [closed]

Keycloak 17.0.1 Import Realm on Docker / Docker-Compose Startup

How to configure "accept Terms and Conditions" on Keycloak registration page

What are the differences between CAS and Keycloak?

What are the differences between CAS and Keycloak?

Keycloak templates available variables

Keycloak: CLIENT_INITIATED_ACCOUNT_LINKING_ERROR with invalid_token

Keycloak / SpringBoot - The Issuer <https://example.com> provided in the OpenID Configuration did not match the requested issuer <https://bar.com>

M1 docker preview and keycloak 'image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8)' Issue