<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <font face="Arial">Yes, that's true (even for some open source
      software too).<br>
      So am I supposed to put this JWT access token into the
      Authorization request header as Bearer value to authorize a
      request?<br>
      The access token I got from Keycloak is over 5000 characters long!<br>
      <br>
    </font><br>
    <div class="moz-cite-prefix">On 05.02.2016 13:47, Raghuram Prabhala
      wrote:<br>
    </div>
    <blockquote
      cite="mid:355538146.1756649.1454676424011.JavaMail.yahoo@mail.yahoo.com"
      type="cite">
      <div style="color:#000; background-color:#fff; font-family:Courier
        New, courier, monaco, monospace, sans-serif;font-size:13px">
        <div id="yui_3_16_0_1_1454674140461_3821" dir="ltr" class=""><span
            id="yui_3_16_0_1_1454674140461_3820" class="">Access token
            is implementation-specific. Some commercial software has
            the concept of "reference tokens" which are nothing but
            random strings indicated below. The clients have to query
            back the Authorization server to get a validated JWT token</span></div>
        <div dir="ltr" id="yui_3_16_0_1_1454674140461_5172" class=""><br>
        </div>
        <div class="qtdSeparateBR"><br>
          <br>
        </div>
        <div class="yahoo_quoted" id="yui_3_16_0_1_1454674140461_5186"
          style="display: block;">
          <div style="font-family: Courier New, courier, monaco,
            monospace, sans-serif; font-size: 13px;"
            id="yui_3_16_0_1_1454674140461_5185">
            <div style="font-family: HelveticaNeue, Helvetica Neue,
              Helvetica, Arial, Lucida Grande, sans-serif; font-size:
              16px;" id="yui_3_16_0_1_1454674140461_5184">
              <div dir="ltr" id="yui_3_16_0_1_1454674140461_5183"> <font
                  id="yui_3_16_0_1_1454674140461_5182" size="2"
                  face="Arial">
                  <hr size="1"> <b><span style="font-weight:bold;">From:</span></b>
                  Stian Thorgersen <a class="moz-txt-link-rfc2396E" href="mailto:sthorger@redhat.com">&lt;sthorger@redhat.com&gt;</a><br>
                  <b><span style="font-weight: bold;">To:</span></b>
                  <a class="moz-txt-link-abbreviated" href="mailto:manfred.duchrow@caprica.biz">manfred.duchrow@caprica.biz</a> <br>
                  <b><span style="font-weight: bold;">Cc:</span></b>
                  keycloak-user <a class="moz-txt-link-rfc2396E" href="mailto:keycloak-user@lists.jboss.org">&lt;keycloak-user@lists.jboss.org&gt;</a><br>
                  <b><span style="font-weight: bold;">Sent:</span></b>
                  Friday, February 5, 2016 7:10 AM<br>
                  <b><span style="font-weight: bold;">Subject:</span></b>
                  Re: [keycloak-user] access_token always contains JWT<br>
                </font> </div>
              <div class="y_msg_container"
                id="yui_3_16_0_1_1454674140461_5189"><br>
                <div id="yiv0521677882">
                  <div id="yui_3_16_0_1_1454674140461_5188">
                    <div dir="ltr" id="yui_3_16_0_1_1454674140461_5187">There's
                      no such thing as a "simple token". Tokens are
                      always a signed JWT.</div>
                    <div class="yiv0521677882gmail_extra"
                      id="yui_3_16_0_1_1454674140461_5191"><br
                        clear="none">
                      <div class="yiv0521677882gmail_quote"
                        id="yui_3_16_0_1_1454674140461_5190">On 5
                        February 2016 at 11:17, <span dir="ltr">&lt;<a
                            moz-do-not-send="true" rel="nofollow"
                            shape="rect"
                            ymailto="mailto:manfred.duchrow@caprica.biz"
                            target="_blank"
                            href="mailto:manfred.duchrow@caprica.biz">manfred.duchrow@caprica.biz</a>&gt;</span>
                        wrote:<br clear="none">
                        <blockquote class="yiv0521677882gmail_quote"
                          style="margin:0 0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex;"
                          id="yui_3_16_0_1_1454674140461_5195">
                          <div class="yiv0521677882yqt1765160907"
                            id="yiv0521677882yqt70160">
                            <div id="yui_3_16_0_1_1454674140461_5194">
                              <div
                                style="font-family:-moz-fixed;font-size:14px;"
                                id="yui_3_16_0_1_1454674140461_5193"
                                lang="x-unicode">
                                <pre id="yui_3_16_0_1_1454674140461_5192">Hi,

I am trying to retrieve an access token from a Keycloak (1.8.0.Final)
service account by
POST /auth/realms/myrealm/protocol/openid-connect/token
with grant_type=client_credentials.

The result contains a signed JWT as value of field "access_token" rather
than a simple token
as described in chapter 18 (Service Accounts) of the user guide.

So what I expect (need) is a response like this:

{
    "access_token":"2YotnFZFEjr1zCsicMWpAA",
    "token_type":"bearer",
    "expires_in":60,
    "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
    "refresh_expires_in":600,
    "id_token":"tGzv3JOkF0XG5Qx2TlKWIA",
    "not-before-policy":0,
    "session-state":"234234-234234-234234"
}

Is there a way to configure the account or the realm to return a simple
token
in "access_token" (and "refresh_token") rather than a JWT?

Cheers,
  Manfred


</pre>
                              </div>
                            </div>
                          </div>
                          <br clear="none">
_______________________________________________<br clear="none">
                          keycloak-user mailing list<br clear="none">
                          <a moz-do-not-send="true" rel="nofollow"
                            shape="rect"
                            ymailto="mailto:keycloak-user@lists.jboss.org"
                            target="_blank"
                            href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br
                            clear="none">
                          <a moz-do-not-send="true" rel="nofollow"
                            shape="rect" target="_blank"
                            href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br
                            clear="none">
                        </blockquote>
                      </div>
                      <br clear="none">
                    </div>
                  </div>
                </div>
                <br>
                <br>
                <br>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
========================================
Caprica Ltd.
69 Great Hampton Street
Birmingham, West Midlands, B186EW, 
Registered in England and Wales
Company No. 5298548
Managing Director: Manfred Duchrow

German Branch Office
Gartenstr. 48, 89150 Laichingen
Ulm District Court: HRB 5073
Managing Director: Manfred Duchrow
----------------------------------------
Tel:    +49 (0)7333 9232190
Fax:    +49 (0)7333 9232191
E-Mail: <a class="moz-txt-link-abbreviated" href="mailto:manfred.duchrow@caprica.de">manfred.duchrow@caprica.de</a>
========================================</pre>
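    <p>Added example, not part of the original thread and not Keycloak code: how a resource server might take the token from the Authorization: Bearer header, tell a self-contained JWT from an opaque reference token, and check a JWT's signature before trusting its claims. HS256, the demo key, the claims and all function names are assumptions chosen so the example runs on the Python standard library alone; the thread does not say which signing algorithm the Keycloak realm uses.</p>

```python
import base64, hashlib, hmac, json

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def extract_bearer(header_value):
    """Return the token from an 'Authorization: Bearer TOKEN' header value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise ValueError("not a Bearer authorization header")
    return token.strip()

def inspect_token(token):
    """Classify a bearer token; any claims returned are still UNVERIFIED."""
    try:
        head, body, sig = token.split(".")  # ValueError unless exactly 3 segments
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("segments are not JSON objects")
    except ValueError:
        # Opaque reference token: the resource server must ask the authorization server.
        return {"kind": "reference", "length": len(token)}
    return {"kind": "jwt", "length": len(token), "alg": header.get("alg"), "claims": claims,
            "signature": signature, "segment_lengths": [len(head), len(body), len(sig)]}

def verify_hs256(token, key):
    """Pin the algorithm (never trust the token's own 'alg'), then check the MAC."""
    info = inspect_token(token)
    if info.get("alg") != "HS256":
        return False
    expected = hmac.new(key, token.rpartition(".")[0].encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, info["signature"])

def make_demo_jwt(claims, key):
    """Build a constructed sample token so the example runs offline."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

DEMO_KEY = b"constructed-demo-key"  # constructed value, not a real secret
DEMO_JWT = make_demo_jwt({"azp": "demo-service", "realm_access": {"roles": ["user"]}}, DEMO_KEY)
REFERENCE_TOKEN = "2YotnFZFEjr1zCsicMWpAA"  # the short token value quoted in the thread
```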
  </body>
</html>