<div dir="ltr"><span style="font-size:13.1999998092651px;line-height:19.7999992370605px;white-space:nowrap">Stian - thanks for getting back to me. I have managed to get the refesh tokens to work. For some reason I did not need to pass the </span><span style="font-size:13.1999998092651px;line-height:19.7999992370605px">Authorization header.</span><br><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px"><br></span></div><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px">In terms of the </span><span style="font-size:13.1999998092651px;line-height:19.7999992370605px">Bearer only client. Is there no way to get a token for a bearer only client.</span></div><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px"><br></span></div><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px">My senario is that the user logs in to a desktop app that validates its self via SSO and gets a token to use the </span><span style="font-size:13.1999998092651px;line-height:19.7999992370605px">desktop app</span></div><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px">The user then wishes to use a service on a server. The server has been set up as a bearer only service (this may be in-corret).</span></div><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px">The user wishes to use his current grant to obtain a grant for the service on the server.</span></div><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px"><br></span></div><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px">I thought that while playing with the javascript API I had managed to get the token for a bearer only service and so hoped I could do the same with a grant obtained by Direct Access</span></div><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px"><br></span></div><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px">Chris</span></div><div><span style="font-size:13.1999998092651px;line-height:19.7999992370605px"><br></span></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Aug 20, 2015 at 12:18 PM Stian Thorgersen <<a href="mailto:stian@redhat.com">stian@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
----- Original Message -----<br>
> From: "Christopher Davies" <<a href="mailto:christopher.james.davies@gmail.com" target="_blank">christopher.james.davies@gmail.com</a>><br>
> To: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> Sent: Thursday, 20 August, 2015 10:23:34 AM<br>
> Subject: [keycloak-user] Can some one point me in the right direction<br>
><br>
> First thanks for all the help I have had so far.<br>
><br>
> I currently have a client using direct access to get a grant from KeyCloak<br>
> via the protocol/openid-connect/token url.<br>
><br>
> The two direct access requests I need that I am having problems tracking down<br>
> are;<br>
> 1) Getting a new grant using the refresh_token<br>
<br>
This uses standard openid-connect protocols, send a post to the token endpoint with the following attributes in the post:<br>
* grant=refresh_token<br>
* refresh_token=<refresh token><br>
<br>
If it's a public client include client_id=<client id>, or if it's a confidential either include client_id and client_secret or use "Authorization: Bearer"<br>
<br>
> 2) Getting a grant for a bearer only client using (I assume the access<br>
> token).<br>
<br>
Bearer only clients are not allowed to obtain tokens.<br>
<br>
><br>
> Chris<br>
><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div>