Stian - thanks for getting back to me. I have managed to get the refresh tokens to work. For some reason I did not need to pass the Authorization header.

In terms of the bearer only client: is there no way to get a token for a bearer only client?

My scenario is that the user logs in to a desktop app that validates itself via SSO and gets a token to use the desktop app.
The user then wishes to use a service on a server. The server has been set up as a bearer only service (this may be incorrect).
The user wishes to use his current grant to obtain a grant for the service on the server.

I thought that while playing with the JavaScript API I had managed to get the token for a bearer only service, and so hoped I could do the same with a grant obtained by Direct Access.

Chris


On Thu, Aug 20, 2015 at 12:18 PM Stian Thorgersen <stian@redhat.com> wrote:


----- Original Message -----
> From: "Christopher Davies" <christopher.james.davies@gmail.com>
> To: keycloak-user@lists.jboss.org
> Sent: Thursday, 20 August, 2015 10:23:34 AM
> Subject: [keycloak-user] Can some one point me in the right direction
>
> First thanks for all the help I have had so far.
>
> I currently have a client using direct access to get a grant from KeyCloak
> via the protocol/openid-connect/token url.
>
> The two direct access requests I need that I am having problems tracking down
> are;
> 1) Getting a new grant using the refresh_token

This uses standard openid-connect protocols: send a POST to the token endpoint with the following attributes in the post:
* grant=refresh_token
* refresh_token=<refresh token>

If it's a public client, include client_id=<client id>; if it's a confidential client, either include client_id and client_secret or use "Authorization: Bearer"

> 2) Getting a grant for a bearer only client using (I assume the access
> token).

Bearer only clients are not allowed to obtain tokens.

>
> Chris
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
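
An added example (not from the thread or from the Keycloak project) of the refresh request discussed above, written with the RFC 6749 names: the form field `grant_type=refresh_token`, and HTTP Basic client authentication for a confidential client. The host, realm, client id and token values are constructed placeholders; only the `protocol/openid-connect/token` path suffix comes from the thread.

```python
import base64
import urllib.parse
import urllib.request

# Constructed placeholder: only ".../protocol/openid-connect/token" is from the thread.
TOKEN_URL = "https://sso.example.test/auth/realms/demo/protocol/openid-connect/token"


def build_refresh_request(token_url, refresh_token, client_id, client_secret=None):
    """Build (not send) the POST that trades a refresh token for new tokens.

    Public client: client_id goes in the form body and there is no secret.
    Confidential client: credentials go in an HTTP Basic Authorization header
    (RFC 6749 section 2.3.1), which keeps the secret out of the form body.
    """
    if not token_url.lower().startswith("https://"):
        # Refresh tokens and client secrets are bearer credentials.
        raise ValueError("token endpoint must use https")
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is None:
        form["client_id"] = client_id
    else:
        # RFC 6749 2.3.1: form-encode id and secret, then Base64 the pair.
        pair = "%s:%s" % (urllib.parse.quote_plus(client_id),
                          urllib.parse.quote_plus(client_secret))
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


def describe(req):
    """Return (method, parsed form fields, Authorization header or None)."""
    fields = dict(urllib.parse.parse_qsl(req.data.decode("ascii")))
    return req.get_method(), fields, req.get_header("Authorization")


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    public = build_refresh_request(TOKEN_URL, "constructed-refresh-token", "desktop-app")
    print(describe(public))
    # To send it: urllib.request.urlopen(public), then parse the JSON response.
```
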