It's all standard OAuth2 stuff so there's plenty of material on Google that describes how to do this.

That doesn't return a token it returns an authorization code. Take a look at:

https://tools.ietf.org/html/rfc6749#section-3.1

That'll show you how to get the tokens. Then:

https://tools.ietf.org/html/rfc6749#section-6

Will show you how to refresh the token.

On 12 September 2016 at 00:23, Sam McCollum <smccollum@westmont.edu> wrote:

Hi All,

I'm working on a project with some fellow students and we are attempting to use Keycloak to manage the authentication and authorization for our java backend running on Wildfly. We've managed to retrieve a token which we believe to be an offline token by opening the following URL on the mobile client and intercepting a custom URL schema: http://keycloak.cs.westmont.edu/auth/realms/Westmont/protocol/openid-connect/auth?redirect_uri=app.test://login&response_type=code&client_id=TestApp&scope=offline_access

We hope that this doesn't bother you, but we are really struggling to figure out how to request the access token from the refresh token using the REST API as we haven't found any documentation or tutorials covering this use case.

We are also hoping to open source our efforts at building a library for mobile apps to use with Keycloak.

Please let us know if there is anything else you need to understand from us.

Thanks in advance,

Sam

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user