[keycloak-user] Obtaining RPT with Keycloak installed

[keycloak demo]

Thanks Pedro,

Is it okay to use *Access Token* generated through *KeycloakInstalled *for
the purpose of performing authorization through policy enforcer on my
client app?

On Tue, Sep 11, 2018 at 5:00 PM Pedro Igor Silva <psilva at redhat.com> wrote:

>
>
> On Tue, Sep 11, 2018 at 6:58 AM, keycloak demo <testoauth55 at gmail.com>
> wrote:
>
>> I am using keycloak installed through which I can obtain access token.
>> like
>> this:
>>
>> *keycloakinstalled.loginDesktop();*
>> *AccessToken token = keycloak.getToken();*
>>
>> But how can I obtain RPT (Requesting Party Token) in case of
>> keycloakinstalled?
>>
>> I have followed the doc:
>>
>> https://www.keycloak.org/docs/4.3/authorization_services/#obtaining-user-entitlements
>> which
>> gives a way to request RPT by using AuthzClient. But how can it be done if
>> I am using keycloakinstalled?
>>
>> Also by decoding the RPT and accessToken I can see that RPT has
>> authorization & permissions info which Access Token does not have:
>>
>> "authorization": { "permissions": [.....
>>
>>
>> In summary, I have 2 questions:
>>
>> 1. Which one (Access token or RPT) should be used if I want to use
>> authorization in my client application? What is the exact difference in
>> terms of usage between the two?
>>
>
> The main difference between the two is that RPT gives you additional
> claims representing permissions with a specific audience set to the target
> resource server. RPTs are also obtained using a different grant type.
>
>
>>
>> 2. How can the RPT be obtained in case of Keycloak installed?
>>
>
> I have never tested this before, could you please fill a JIRA with more
> details about what you are trying to achieve with keycloak installed. Need
> to check if we could implement something for better support of RPTs.
>
>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>