Re: [keycloak-user] Access Token And PRT(request party token), which one should I use to access the resource protected by keycloak

Monday, 17 April 2017

On Mon, Apr 17, 2017 at 11:22 AM, Yizhou Jiang(Yizhou) <
yizhoujiang(a)hengtiansoft.com&gt; wrote:

...
 Hi Pedro Igor,

          Thanks for your reply. but  I still have some confusion.

             https://keycloak.gitbooks.io/documentation/authorization_
 services/topics/enforcer/keycloak-enforcement-filter.html  have text like
 follow:

 To enable policy enforcement for your application, add the following
 property to your *keycloak.json* file:

 keycloak.json

 {

   "policy-enforcer": {}

 }

  so ,the example 
https://github.com/keycloak/keycloak-quickstarts/tree/master/service-jee-...   is
protected  by a policy enforcer.  Because  there is

 *{*

   *"policy-enforcer"**: {}*

 *}*

 in   *keycloak.json* file  which was  downloaded from the keycloak server.

 But the example https://github.com/keycloak/keycloak-quickstarts/blob/
 master/app-jee-html5/src/main/webapp/app.js

 call the  services  using Access Token NOT PRT.

In this example, you need to change it in order to use the RPT properly if
you have enabled authz. We have some quickstarts here [1] for RH-SSO. But
none in keycloak-quickstarts repo. Will take with Stian about that.

[1] https://github.com/redhat-developer/redhat-sso-quickstarts/tree/7.1.x

...

 thanks ,

 yizhou

 *From:* Pedro Igor Silva [mailto:psilva@redhat.com]
 *Sent:* Monday, April 17, 2017 7:23 PM
 *To:* Yizhou Jiang(Yizhou)
 *Cc:* keycloak-user(a)lists.jboss.org
 *Subject:* Re: [keycloak-user] Access Token And PRT(request party token),
 which one should I use to access the resource protected by keycloak

 Hi,

 If your resources are protected with a policy enforcer you should send a
 RPT. This token is pretty much an access token with an additional claim
 holding the permissions.

 Regards.
 Pedro Igor

 On Mon, Apr 17, 2017 at 6:08 AM, Yizhou Jiang(Yizhou) <
 yizhoujiang(a)hengtiansoft.com&gt; wrote:

 Hi,
                By reading the document of KeyCloak ,I found that I can use
 a Access-token  or a PRT(request party token) to access the resources
 protected by keycloak.

 1  Use  PRT: https://keycloak.gitbooks.io/documentation/authorization_
 services/topics/enforcer/keycloak-enforcement-bearer.html

 GET /my-resource-server/my-protected-resource HTTP/1.1
 Host: host.com
 Authorization: Bearer ${RPT}

 2  Use access token: https://github.com/keycloak/
 keycloak-quickstarts/blob/master/app-jee-html5/src/main/webapp/app.js

 line 38

 if (keycloak.authenticated) {
        req.setRequestHeader('Authorization', 'Bearer ' +
keycloak.token);
 }

    I'm  confused about the  difference  between them.  I don't know  When
 I should use access token , and when I should use another one ?
 I am looking forward to your reply.

 thanks ,
 yizhou

 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] Access Token And PRT(request party token), which one should I use to access the resource protected by keycloak