[keycloak-user] Keycloak OAuth2 bearer token without using direct access grant

Marek Posolda mposolda at redhat.com
Tue Dec 8 11:15:43 EST 2015


After OIDC authentication finishes, Keycloak will redirect to your 
application with the "code" parameter. Keycloak will always do this; it 
doesn't matter whether you authenticated through a SAML identity broker, 
a username/password form or any other method. Then you theoretically need 
to exchange the code for an access token in a backchannel request; 
however, as long as you use our adapters, you don't need to care about 
it, as the adapter will do it for you.

We have examples (using adapters) where you can also see how the bearer 
access token is retrieved and then used for additional REST calls to REST 
endpoints secured by bearer token. See the demo example and the 
"customer-portal" and "product-portal" applications.

Marek

On 08/12/15 16:48, Ton Swieb wrote:
> Hi,
>
> How can I obtain a bearer token from Keycloak without using the direct 
> access grant 
> (http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html)?
>
> I have configured a SAML Identity Broker in Keycloak which handles the 
> login for my realm. As a result I do not have a username/password 
> combination to POST it to:
>
> /{keycloak-root}/realms/{realm-name}/protocol/openid-connect/token
>
> How would I obtain a bearer token in this situation?
>
> Kind regards,
>
> Ton

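The backchannel exchange mentioned in the reply, as an added example that is not part of the original thread or of Keycloak's adapters: it validates the redirect back to the application and builds the POST that trades the "code" for tokens at the token endpoint quoted in the question. The host, realm, client credentials (a confidential client is assumed), redirect URI and all sample values are constructed placeholders.

```python
import base64
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed, constructed values; none of them come from the thread.
KEYCLOAK_ROOT = "https://sso.example.test/auth"
REALM = "demo"
CLIENT_ID = "example-app"
CLIENT_SECRET = "constructed-secret"
REDIRECT_URI = "https://app.example.test/callback"


def code_from_callback(callback_url, expected_state):
    """Return the one-time code from the redirect, rejecting errors and forged callbacks."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, callback not bound to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code):
    """Return (url, headers, body) for the server-to-server POST; send it over TLS only."""
    url = f"{KEYCLOAK_ROOT}/realms/{REALM}/protocol/openid-connect/token"
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {
        "Authorization": "Basic " + basic,  # client authenticates itself, no user password
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value used in the login redirect
    })
    return url, headers, body


def bearer_header(token_response):
    """Build the header for later REST calls from the parsed JSON token response."""
    if token_response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {"Authorization": "Bearer " + token_response["access_token"]}
```

The user's credentials never reach the application in this flow, which is why it works the same when login is delegated to a SAML identity broker.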