Access Token And PRT(request party token), which one should I use to access the resource protected by keycloak
4:08 a.m.
Hi,
By reading the document of KeyCloak ,I found that I can use a Access-token
or a PRT(request party token) to access the resources protected by keycloak.
1 Use PRT:
https://keycloak.gitbooks.io/documentation/authorization_services/topics/...
GET /my-resource-server/my-protected-resource HTTP/1.1
Host: host.com
Authorization: Bearer ${RPT}
2 Use access token:
https://github.com/keycloak/keycloak-quickstarts/blob/master/app-jee-html...
line 38
if (keycloak.authenticated) {
req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);
}
I'm confused about the difference between them. I don't know When I should
use access token , and when I should use another one ?
I am looking forward to your reply.
thanks ,
yizhou
6:22 a.m.
Hi,
If your resources are protected with a policy enforcer you should send a
RPT. This token is pretty much an access token with an additional claim
holding the permissions.
Regards.
Pedro Igor
On Mon, Apr 17, 2017 at 6:08 AM, Yizhou Jiang(Yizhou) <
yizhoujiang(a)hengtiansoft.com> wrote:
Hi,
By reading the document of KeyCloak ,I found that I can use
a Access-token or a PRT(request party token) to access the resources
protected by keycloak.
1 Use PRT: https://keycloak.gitbooks.io/documentation/authorization_
services/topics/enforcer/keycloak-enforcement-bearer.html
GET /my-resource-server/my-protected-resource HTTP/1.1
Host: host.com
Authorization: Bearer ${RPT}
2 Use access token: https://github.com/keycloak/
keycloak-quickstarts/blob/master/app-jee-html5/src/main/webapp/app.js
line 38
if (keycloak.authenticated) {
req.setRequestHeader('Authorization', 'Bearer ' +
keycloak.token);
}
I'm confused about the difference between them. I don't know When
I should use access token , and when I should use another one ?
I am looking forward to your reply.
thanks ,
yizhou
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
9:22 a.m.
Hi Pedro Igor,
Thanks for your reply. but I still have some confusion.
https://keycloak.gitbooks.io/documentation/authorization_services/topics/...
have text like follow:
To enable policy enforcement for your application, add the following property to your
keycloak.json file:
keycloak.json
{
"policy-enforcer": {}
}
so ,the example
https://github.com/keycloak/keycloak-quickstarts/tree/master/service-jee-... is
protected by a policy enforcer. Because there is
{
"policy-enforcer": {}
}
in keycloak.json file which was downloaded from the keycloak server.
But the example
https://github.com/keycloak/keycloak-quickstarts/blob/master/app-jee-html...
call the services using Access Token NOT PRT.
thanks ,
yizhou
From: Pedro Igor Silva [mailto:psilva@redhat.com]
Sent: Monday, April 17, 2017 7:23 PM
To: Yizhou Jiang(Yizhou)
Cc: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Access Token And PRT(request party token), which one should I
use to access the resource protected by keycloak
Hi,
If your resources are protected with a policy enforcer you should send a RPT. This token
is pretty much an access token with an additional claim holding the permissions.
Regards.
Pedro Igor
On Mon, Apr 17, 2017 at 6:08 AM, Yizhou Jiang(Yizhou)
<yizhoujiang@hengtiansoft.com<mailto:yizhoujiang@hengtiansoft.com>> wrote:
Hi,
By reading the document of KeyCloak ,I found that I can use a Access-token
or a PRT(request party token) to access the resources protected by keycloak.
1 Use PRT:
https://keycloak.gitbooks.io/documentation/authorization_services/topics/...
GET /my-resource-server/my-protected-resource HTTP/1.1
Host: host.com<http://host.com>
Authorization: Bearer ${RPT}
2 Use access token:
https://github.com/keycloak/keycloak-quickstarts/blob/master/app-jee-html...
line 38
if (keycloak.authenticated) {
req.setRequestHeader('Authorization', 'Bearer ' +
keycloak.token);
}
I'm confused about the difference between them. I don't know When I should
use access token , and when I should use another one ?
I am looking forward to your reply.
thanks ,
yizhou
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
12:02 p.m.
On Mon, Apr 17, 2017 at 11:22 AM, Yizhou Jiang(Yizhou) <
yizhoujiang(a)hengtiansoft.com> wrote:
Hi Pedro Igor,
Thanks for your reply. but I still have some confusion.
https://keycloak.gitbooks.io/documentation/authorization_
services/topics/enforcer/keycloak-enforcement-filter.html have text like
follow:
To enable policy enforcement for your application, add the following
property to your *keycloak.json* file:
keycloak.json
{
"policy-enforcer": {}
}
so ,the example
https://github.com/keycloak/keycloak-quickstarts/tree/master/service-jee-... is
protected by a policy enforcer. Because there is
*{*
*"policy-enforcer"**: {}*
*}*
in *keycloak.json* file which was downloaded from the keycloak server.
But the example https://github.com/keycloak/keycloak-quickstarts/blob/
master/app-jee-html5/src/main/webapp/app.js
call the services using Access Token NOT PRT.
In this example, you need to change it in order to use the RPT properly if
you have enabled authz. We have some quickstarts here [1] for RH-SSO. But
none in keycloak-quickstarts repo. Will take with Stian about that.
[1] https://github.com/redhat-developer/redhat-sso-quickstarts/tree/7.1.x
thanks ,
yizhou
*From:* Pedro Igor Silva [mailto:psilva@redhat.com]
*Sent:* Monday, April 17, 2017 7:23 PM
*To:* Yizhou Jiang(Yizhou)
*Cc:* keycloak-user(a)lists.jboss.org
*Subject:* Re: [keycloak-user] Access Token And PRT(request party token),
which one should I use to access the resource protected by keycloak
Hi,
If your resources are protected with a policy enforcer you should send a
RPT. This token is pretty much an access token with an additional claim
holding the permissions.
Regards.
Pedro Igor
On Mon, Apr 17, 2017 at 6:08 AM, Yizhou Jiang(Yizhou) <
yizhoujiang(a)hengtiansoft.com> wrote:
Hi,
By reading the document of KeyCloak ,I found that I can use
a Access-token or a PRT(request party token) to access the resources
protected by keycloak.
1 Use PRT: https://keycloak.gitbooks.io/documentation/authorization_
services/topics/enforcer/keycloak-enforcement-bearer.html
GET /my-resource-server/my-protected-resource HTTP/1.1
Host: host.com
Authorization: Bearer ${RPT}
2 Use access token: https://github.com/keycloak/
keycloak-quickstarts/blob/master/app-jee-html5/src/main/webapp/app.js
line 38
if (keycloak.authenticated) {
req.setRequestHeader('Authorization', 'Bearer ' +
keycloak.token);
}
I'm confused about the difference between them. I don't know When
I should use access token , and when I should use another one ?
I am looking forward to your reply.
thanks ,
yizhou
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2823
days inactive
2823
days old
3 comments
2 participants
participants (2)
-
Pedro Igor Silva -
Yizhou Jiang(Yizhou)