<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">Hi Lance,<br>

      <br>

      if you specify the "grant_type=password" you are using Direct

      access grants (it's called "Resource Owner Password credentials

      grant" in OAuth2 specification) documented here [1]<br>

      <br>

      if you specify the "grant_type=client_credentials" you are using

      Service accounts and you are obtaining token on behalf of client

      (it's called "Client Credentials grant" in OAuth2 specification)

      and it's documented here [2]<br>

      <br>

      [1]

<a class="moz-txt-link-freetext" href="http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html">http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html</a><br>

      [2]

<a class="moz-txt-link-freetext" href="http://keycloak.github.io/docs/userguide/keycloak-server/html/service-accounts.html">http://keycloak.github.io/docs/userguide/keycloak-server/html/service-accounts.html</a><br>

      <br>

      Marek<br>

      <br>

      On 16/05/16 23:19, Lance Ball wrote:<br>

    </div>

    <blockquote

cite="mid:CABRDmifwQb9dYa+8ddEoLHXnf=1=+w6pDdKQmLZz1UCRjKEAeg@mail.gmail.com"

      type="cite">

      <div dir="ltr">Hi All

        <div><br>

        </div>

        <div>I've been updating the keycloak-nodejs-auth-utils module to

          keep up with recent changes in Keycloak, and one thing I've

          noticed seems to contradict what's written in the

          documentation. Can anyone provide clarity on this for me?</div>

        <div><br>

        </div>

        <div>In the docs for Direct Access Grants[1] it says, "<span

            style="color:rgb(51,51,51);font-family:'Lucida

Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;line-height:18px;text-align:justify">For

            confidential client's, you must create a Basic Auth</span><span

            style="color:rgb(51,51,51);font-family:'Lucida

Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;line-height:18px;text-align:justify"> </span><code

            class=""

style="color:rgb(51,51,51);line-height:18px;text-align:justify;font-size:0.9em;font-family:courrier,monospace;white-space:nowrap">Authorization</code><span

            style="color:rgb(51,51,51);font-family:'Lucida

Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;line-height:18px;text-align:justify"> </span><span

            style="color:rgb(51,51,51);font-family:'Lucida

Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;line-height:18px;text-align:justify">header

            that contains the client_id and client secret. And pass in

            the form parameters for username and for each user

            credential. For example:"</span></div>

        <pre class="" style="font-size:0.9em;font-family:courrier,monospace;color:rgb(51,51,51);overflow:auto;padding:5px 15px 5px 25px;border:1px solid rgb(204,204,204);line-height:18px;text-align:justify;background-color:rgb(245,245,245)">    POST /auth/realms/demo/protocol/openid-connect/token

    Authorization: Basic atasdf023l2312023

    Content-Type: application/x-www-form-urlencoded

    username=bburke&amp;password=geheim&amp;grant_type=password</pre>

        <div>(That's copied and pasted into GMail. I hope the formatting

          is OK).</div>

        <div><br>

        </div>

        <div>But in the keycloak-nodejs-auth-utils module, I am able to

          obtain a grant without including the username and password.

          Additionally, I must specify 'client_credentials' as the

          grant_type [2].</div>

        <div><br>

        </div>

        <div>Do I misunderstand what is going on here or is the

          documentation out of date?</div>

        <div><br>

        </div>

        <div>Thanks</div>

        <div>Lance</div>

        <div><br>

        </div>

        <div>[1] <a moz-do-not-send="true"

href="http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html">http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html</a></div>

        <div>[2] <a moz-do-not-send="true"

href="https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L71-L79">https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L71-L79</a></div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

keycloak-dev mailing list

<a class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>

<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>

    </blockquote>

    <br>

  </body>

</html>