<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 14/10/15 18:35, David Ramírez wrote:<br>
    </div>
    <blockquote
cite="mid:CAHE2POXgeODHD07+AXLQyd84paxK6endCXhBygvrrG1cx8wAVQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <p style="margin:0px 0px
          1em;padding:0px;border:0px;font-size:15px;clear:both;font-family:'Helvetica
          Neue',Helvetica,Arial,sans-serif;line-height:19.5px">Hi guys,</p>
        <p style="margin:0px 0px
          1em;padding:0px;border:0px;font-size:15px;clear:both;font-family:'Helvetica
          Neue',Helvetica,Arial,sans-serif;line-height:19.5px">I'm new
          to the Keycloak server; after reading the official documentation I
          have a couple of questions.</p>
        <p style="margin:0px 0px
          1em;padding:0px;border:0px;font-size:15px;clear:both;font-family:'Helvetica
          Neue',Helvetica,Arial,sans-serif;line-height:19.5px">Following
          the OAuth2 flow:</p>
        <pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">  +--------+                                           +---------------+
  |        |--(A)------- Authorization Grant ---------&gt;|               |
  |        |                                           |               |
  |        |&lt;-(B)----------- Access Token -------------|               |
  |        |               &amp; Refresh Token             |               |
  |        |                                           |               |
  |        |                            +----------+   |               |
  |        |--(C)---- Access Token ----&gt;|          |   |               |
  |        |                            |          |   |               |
  |        |&lt;-(D)- Protected Resource --| Resource |   | Authorization |
  | Client |                            |  Server  |   |     Server    |
  |        |--(E)---- Access Token ----&gt;|          |   |               |
  |        |                            |          |   |               |
  |        |&lt;-(F)- Invalid Token Error -|          |   |               |
  |        |                            +----------+   |               |
  |        |                                           |               |
  |        |--(G)----------- Refresh Token -----------&gt;|               |
  |        |                                           |               |
  |        |&lt;-(H)----------- Access Token -------------|               |
  +--------+           &amp; Optional Refresh Token        +---------------+

 </pre>
        <pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">Are 'Client' and 'Resource Server' Keycloak clients?</pre>
        <pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">
</pre>
        <pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">For example, I have an Android App and a Service (Java REST service); should both be registered in Keycloak Server as clients?</pre>
      </div>
    </blockquote>
    Yes. Theoretically it's not needed to register your REST Service as
    a Keycloak client, but it's useful for various reasons. For example,
    you will be able to propagate admin events from the KC admin console to
    it, like pushing the not-before policy.<br>
    <blockquote
cite="mid:CAHE2POXgeODHD07+AXLQyd84paxK6endCXhBygvrrG1cx8wAVQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">The last question is about Refresh token.</pre>
        <pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">
</pre>
        <pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">When I authenticate to obtain an access token through '<a moz-do-not-send="true" href="http://localhost:8080/auth/realms/demo/protocol/openid-connect/token">http://localhost:8080/auth/realms/demo/protocol/openid-connect/token</a>', I receive a refresh token too.</pre>
        <pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">
</pre>
        <pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">If I try to get a protected resource with the refresh token, I will get access to it... Why is that possible? I thought that the refresh token was only for generating a new access token. I'm a bit confused.</pre>
      </div>
    </blockquote>
    It's a bug, which is fixed in the latest master and will be in the 1.6
    release.<br>
    <br>
    Marek<br>
    <blockquote
cite="mid:CAHE2POXgeODHD07+AXLQyd84paxK6endCXhBygvrrG1cx8wAVQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <pre class="" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)">I will appreciate any help, thanks.</pre>
      </div>
      <pre wrap="">_______________________________________________
keycloak-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
    </blockquote>
    <br>
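    <p>Added example, not part of the original thread and not Keycloak's own code or its fix: a resource-server check that accepts a signed token only when it is an access token, so a refresh token presented as a bearer credential is refused. It assumes tokens carry a "typ" claim of "Bearer" or "Refresh"; the HS256 demo key, the helper names and both sample tokens are constructed for the example (a real realm signs with its own key).</p>
    <pre>
```python
import base64, hashlib, hmac, json, time

DEMO_KEY = b"constructed-demo-key"  # assumption: stand-in for the realm's signing key


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims, key=DEMO_KEY):
    """Build a constructed HS256 JWT so the example runs offline."""
    header = _b64url(json.dumps({"alg": "HS256"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def authorize_bearer(token, key=DEMO_KEY, now=None):
    """Return the claims if the token may open a protected resource, else raise."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(header_b64))
        sig = _unb64url(sig_b64)
    except ValueError as exc:
        raise PermissionError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header announces.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64url(body_b64))
    current = time.time() if now is None else now
    if current >= claims.get("exp", 0):
        raise PermissionError("expired")
    # The point of this thread: a validly signed refresh token is still not
    # an access token and must not be accepted at the resource server.
    if str(claims.get("typ", "")).lower() != "bearer":
        raise PermissionError("not an access token")
    return claims


# Constructed sample tokens (assumed claim layout), both signed by the same key.
ACCESS = make_token({"typ": "Bearer", "sub": "demo-user", "exp": 2000})
REFRESH = make_token({"typ": "Refresh", "sub": "demo-user", "exp": 9000})
```
    </pre>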
  </body>
</html>