[keycloak-user] Access token or ID token

Marek Posolda mposolda at redhat.com
Mon Aug 1 13:20:12 EDT 2016 

Not sure exactly about all the details of your setup etc. However from 
the first look, if you use "response_type=id_token" , then Keycloak will 
return you just idToken, but not accessToken at all.

If you want both idToken and accessToken, you need to use value 
"id_token token".

So encoded parameter will be something like "response_type=id_token%20token"

Marek

On 01/08/16 11:41, Mohan.Radhakrishnan at cognizant.com wrote:
>
> Hi,
>
>                 My ID token flow and OIDC filter are working. But I am 
> still doubtful about my implementation. When I used another 
> IDP(IdentifyServer3) the redirect URL issued from
>
> AngularJS gave me the access token with the ID token embedded in it 
> directly.
>
> But now I am using this code.
>
>        AccessToken accessToken= 
> keycloakPrincipal.getKeycloakSecurityContext().getToken();
>
> URL is this.
>
> _http://localhost:8080/auth/realms/Test/protocol/openid-connect/auth?response_type=id_token&redirect_uri=http://localhost:8000/keycloak/claim/&realm=Test&client_id=Test&scope=user_
>
> And 
> https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/javascript-adapter.html 
> mentions that keycloak.json is required to get the access token in 
> AngularJS.
>
> Am I missing something ? Why is there a difference ?
>
> Thanks,
>
> Mohan
>
> This e-mail and any files transmitted with it are for the sole use of 
> the intended recipient(s) and may contain confidential and privileged 
> information. If you are not the intended recipient(s), please reply to 
> the sender and destroy all copies of the original message. Any 
> unauthorized review, use, disclosure, dissemination, forwarding, 
> printing or copying of this email, and/or any action taken in reliance 
> on the contents of this e-mail is strictly prohibited and may be 
> unlawful. Where permitted by applicable law, this e-mail and other 
> e-mail communications sent to and from Cognizant e-mail addresses may 
> be monitored.
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160801/074fdcf5/attachment-0001.html

More information about the keycloak-user mailing list