Re: [keycloak-user] access_token always contains JWT

Access token is implementation specific. Some commercial software have the concept of "reference tokens" which are nothing but random strings indicated below. The clients have to query back the Authorization server to get a validated JWT token ------------------------------------------------------------------------ *From:* Stian Thorgersen <sthorger(a)redhat.com&gt; *To:* manfred.duchrow(a)caprica.biz *Cc:* keycloak-user <keycloak-user(a)lists.jboss.org&gt; *Sent:* Friday, February 5, 2016 7:10 AM *Subject:* Re: [keycloak-user] access_token always contains JWT There's no such thing as a "simple token". Tokens are always a signed JWT. On 5 February 2016 at 11:17, <manfred.duchrow(a)caprica.biz <mailto:manfred.duchrow@caprica.biz>> wrote: Hi, I am trying to retrieve an access token from a Keycloak (1.8.0.Final) service account by POST /auth/realms/myrealm/protocol/openid-connect/token with grant_type=client_credentials. The result contains a signed JWT as value of field "access_token" rather than a simple token as described in chapter 18 (Service Accounts) of the user guide. So what I expect (need) is a response like this: { "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"bearer", "expires_in":60, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "refresh_expires_in":600, "id_token":"tGzv3JOkF0XG5Qx2TlKWIA", "not-before-policy":0, "session-state":"234234-234234-234234" } Is there a way to configure the account or the realm to return a simple token in "access_token" (and "refresh_token") rather than a JWT? Cheers, Manfred _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user