<div dir="ltr">Marek<div><br></div><div>Thanks for that clarification - this helps a lot. It helps to read the spec. :)</div><div><br></div><div>Resource Owner Password Credentials Grant - <a href="https://tools.ietf.org/html/rfc6749#section-4.3">https://tools.ietf.org/html/rfc6749#section-4.3</a> <br></div><div>Client Credentials Grant - <a href="https://tools.ietf.org/html/rfc6749#section-4.4">https://tools.ietf.org/html/rfc6749#section-4.4</a> <br></div><div><br></div><div>Lance</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 17, 2016 at 4:36 AM, Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>Hi Lance,<br>
      <br>
      If you specify the &quot;grant_type=password&quot; you are using Direct
      access grants (it&#39;s called &quot;Resource Owner Password credentials
      grant&quot; in the OAuth2 specification), documented here [1].<br>
      <br>
      If you specify the &quot;grant_type=client_credentials&quot; you are using
      Service accounts and you are obtaining a token on behalf of the client
      (it&#39;s called &quot;Client Credentials grant&quot; in the OAuth2 specification),
      and it&#39;s documented here [2].<br>
      <br>
      [1]
<a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html</a><br>
      [2]
<a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/service-accounts.html" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/service-accounts.html</a><br>
      <br>
      Marek<div><div class="h5"><br>
      <br>
      On 16/05/16 23:19, Lance Ball wrote:<br>
    </div></div></div>
    <blockquote type="cite"><div><div class="h5">
      <div dir="ltr">Hi All
        <div><br>
        </div>
        <div>I&#39;ve been updating the keycloak-nodejs-auth-utils module to
          keep up with recent changes in Keycloak, and one thing I&#39;ve
          noticed seems to contradict what&#39;s written in the
          documentation. Can anyone provide clarity on this for me?</div>
        <div><br>
        </div>
        <div>In the docs for Direct Access Grants[1] it says, &quot;<span>For
            confidential client&#39;s, you must create a Basic Auth</span><span> </span><code style="color:rgb(51,51,51);line-height:18px;text-align:justify;font-size:0.9em;font-family:courrier,monospace;white-space:nowrap">Authorization</code><span> </span><span>header
            that contains the client_id and client secret. And pass in
            the form parameters for username and for each user
            credential. For example:&quot;</span></div>
        <pre style="font-size:0.9em;font-family:courrier,monospace;color:rgb(51,51,51);overflow:auto;padding:5px 15px 5px 25px;border:1px solid rgb(204,204,204);line-height:18px;text-align:justify;background-color:rgb(245,245,245)">    POST /auth/realms/demo/protocol/openid-connect/token
    Authorization: Basic atasdf023l2312023
    Content-Type: application/x-www-form-urlencoded

    username=bburke&amp;password=geheim&amp;grant_type=password</pre>
        <div>(That&#39;s copied and pasted into Gmail. I hope the formatting
          is OK).</div>
        <div><br>
        </div>
        <div>But in the keycloak-nodejs-auth-utils module, I am able to
          obtain a grant without including the username and password.
          Additionally, I must specify &#39;client_credentials&#39; as the
          grant_type [2].</div>
        <div><br>
        </div>
        <div>Do I misunderstand what is going on here or is the
          documentation out of date?</div>
        <div><br>
        </div>
        <div>Thanks</div>
        <div>Lance</div>
        <div><br>
        </div>
        <div>[1] <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html</a></div>
        <div>[2] <a href="https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L71-L79" target="_blank">https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L71-L79</a></div>
      </div>
      <br>
      <br>
      </div></div><pre>_______________________________________________
keycloak-dev mailing list
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
    </blockquote>
    <br>
  </div>

</blockquote></div><br></div>
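<div>The two token requests contrasted in this thread, as an added example that is not part of the original messages and is not code from keycloak-nodejs-auth-utils. It only builds the requests and sends nothing; the realm and endpoint path come from the quoted docs, <code>buildTokenRequest</code>, <code>basicAuth</code> and <code>formEncode</code> are hypothetical helper names, and the Basic header is encoded as RFC 6749 section 2.3.1 describes.</div>

```javascript
// Added example: builds (does not send) the two token requests discussed above.
// TOKEN_PATH is taken from the quoted docs; client and user values are supplied
// by the caller and are assumed to be constructed samples.
const TOKEN_PATH = '/auth/realms/demo/protocol/openid-connect/token';

// RFC 6749 section 2.3.1: form-urlencode the client id and secret first,
// then Base64-encode "id:secret" for the Basic Authorization header.
function formEncode(value) {
  return encodeURIComponent(value)
    .replace(/%20/g, '+')
    .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

function basicAuth(clientId, clientSecret) {
  const pair = formEncode(clientId) + ':' + formEncode(clientSecret);
  return 'Basic ' + Buffer.from(pair, 'utf8').toString('base64');
}

function buildTokenRequest(grantType, client, user) {
  const body = new URLSearchParams();
  if (grantType === 'password') {
    // Direct access grant: the token is issued for the user, so the user's
    // credentials must be present in the form body.
    if (!user || !user.username || !user.password) {
      throw new Error('grant_type=password requires username and password');
    }
    body.set('username', user.username);
    body.set('password', user.password);
  } else if (grantType === 'client_credentials') {
    // Service account: the token is issued on behalf of the client itself,
    // so user credentials sent here would be a caller mistake.
    if (user) {
      throw new Error('grant_type=client_credentials takes no user credentials');
    }
  } else {
    throw new Error('unsupported grant_type: ' + grantType);
  }
  body.set('grant_type', grantType);
  return {
    method: 'POST',
    path: TOKEN_PATH,
    headers: {
      Authorization: basicAuth(client.id, client.secret),
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: body.toString(),
  };
}
```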