<div dir="ltr"><p style="margin:0px 0px 1em;padding:0px;border:0px;font-size:15px;clear:both;font-family:&#39;Helvetica Neue&#39;,Helvetica,Arial,sans-serif;line-height:19.5px">Hi guys,</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-size:15px;clear:both;font-family:&#39;Helvetica Neue&#39;,Helvetica,Arial,sans-serif;line-height:19.5px">I&#39;m new with Keyloack server, after read the official documentation I have a couple of questions.</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-size:15px;clear:both;font-family:&#39;Helvetica Neue&#39;,Helvetica,Arial,sans-serif;line-height:19.5px">Following the Oauth2 flow:</p><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">  +--------+                                           +---------------+
  |        |--(A)------- Authorization Grant ---------&gt;|               |
  |        |                                           |               |
  |        |&lt;-(B)----------- Access Token -------------|               |
  |        |               &amp; Refresh Token             |               |
  |        |                                           |               |
  |        |                            +----------+   |               |
  |        |--(C)---- Access Token ----&gt;|          |   |               |
  |        |                            |          |   |               |
  |        |&lt;-(D)- Protected Resource --| Resource |   | Authorization |
  | Client |                            |  Server  |   |     Server    |
  |        |--(E)---- Access Token ----&gt;|          |   |               |
  |        |                            |          |   |               |
  |        |&lt;-(F)- Invalid Token Error -|          |   |               |
  |        |                            +----------+   |               |
  |        |                                           |               |
  |        |--(G)----------- Refresh Token -----------&gt;|               |
  |        |                                           |               |
  |        |&lt;-(H)----------- Access Token -------------|               |
  +--------+           &amp; Optional Refresh Token        +---------------+

 </pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">are &#39;Client&#39; and &#39;Resource Server&#39; Keycloaks&#39; clients?</pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">For example, I have an Android App and a Service (Java Rest service), should both be registered in Keycloak Server like clients?</pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">The last question is about Refresh token.</pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">When I&#39;m authenticated for achieving an access token through &#39;<a href="http://localhost:8080/auth/realms/demo/protocol/openid-connect/token">http://localhost:8080/auth/realms/demo/protocol/openid-connect/token</a>&#39;, I received a refresh token too.</pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">If I try to get a protected resource by the refresh token I will get access to it... Why is it possible? I thought that refresh token was only for generate new access token. I&#39;m a bit confussed.</pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">I will appreciate any help, thanks.</pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"><br></pre><p style="margin:0px 0px 1em;padding:0px;border:0px;font-size:15px;clear:both;font-family:&#39;Helvetica Neue&#39;,Helvetica,Arial,sans-serif;line-height:19.5px"><br></p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-size:15px;clear:both;font-family:&#39;Helvetica Neue&#39;,Helvetica,Arial,sans-serif;line-height:19.5px"><br></p></div>