[keycloak-user] access_token always contains JWT
manfred.duchrow at caprica.biz
manfred.duchrow at caprica.biz
Fri Feb 5 09:17:40 EST 2016
Yes, that's true (even for some open source software too).
So am I supposed to put this JWT access token into the Authorization
request header as Bearer value to authorize a request?
The access token I got from Keycloak is over 5000 characters long!
On 05.02.2016 13:47, Raghuram Prabhala wrote:
> Access token is implementation specific. Some commercial software have
> the concept of "reference tokens" which are nothing but random strings
> indicated below. The clients have to query back the Authorization
> server to get a validated JWT token
>
>
>
> ------------------------------------------------------------------------
> *From:* Stian Thorgersen <sthorger at redhat.com>
> *To:* manfred.duchrow at caprica.biz
> *Cc:* keycloak-user <keycloak-user at lists.jboss.org>
> *Sent:* Friday, February 5, 2016 7:10 AM
> *Subject:* Re: [keycloak-user] access_token always contains JWT
>
> There's no such thing as a "simple token". Tokens are always a signed JWT.
>
> On 5 February 2016 at 11:17, <manfred.duchrow at caprica.biz
> <mailto:manfred.duchrow at caprica.biz>> wrote:
>
> Hi,
>
> I am trying to retrieve an access token from a Keycloak (1.8.0.Final)
> service account by
> POST /auth/realms/myrealm/protocol/openid-connect/token
> with grant_type=client_credentials.
>
> The result contains a signed JWT as value of field "access_token" rather
> than a simple token
> as described in chapter 18 (Service Accounts) of the user guide.
>
> So what I expect (need) is a response like this:
>
> {
> "access_token":"2YotnFZFEjr1zCsicMWpAA",
> "token_type":"bearer",
> "expires_in":60,
> "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
> "refresh_expires_in":600,
> "id_token":"tGzv3JOkF0XG5Qx2TlKWIA",
> "not-before-policy":0,
> "session-state":"234234-234234-234234"
> }
>
> Is there a way to configure the account or the realm to return a simple
> token
> in "access_token" (and "refresh_token") rather than a JWT?
>
> Cheers,
> Manfred
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
--
========================================
Caprica Ltd.
69 Great Hampton Street
Birmingham, West Midlands, B186EW,
Registered in England and Wales
Company No. 5298548
Managing Director: Manfred Duchrow
Zweigniederlassung Deutschland
Gartenstr. 48, 89150 Laichingen
Amtsgericht Ulm: HRB 5073
Geschäftsführer: Manfred Duchrow
----------------------------------------
Tel: +49 (0)7333 9232190
Fax: +49 (0)7333 9232191
E-Mail: manfred.duchrow at caprica.de
========================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160205/9ffbcf30/attachment-0001.html
More information about the keycloak-user
mailing list