Re: [keycloak-user] Access Token And PRT(request party token), which one should I use to access the resource protected by keycloak

Monday, 17 April 2017

Hi,

If your resources are protected with a policy enforcer you should send a
RPT. This token is pretty much an access token with an additional claim
holding the permissions.

Regards.
Pedro Igor

On Mon, Apr 17, 2017 at 6:08 AM, Yizhou Jiang(Yizhou) <
yizhoujiang(a)hengtiansoft.com&gt; wrote:

...
 Hi,
                By reading the document of KeyCloak ,I found that I can use
 a Access-token  or a PRT(request party token) to access the resources
 protected by keycloak.

 1  Use  PRT: https://keycloak.gitbooks.io/documentation/authorization_
 services/topics/enforcer/keycloak-enforcement-bearer.html

 GET /my-resource-server/my-protected-resource HTTP/1.1
 Host: host.com
 Authorization: Bearer ${RPT}

 2  Use access token: https://github.com/keycloak/
 keycloak-quickstarts/blob/master/app-jee-html5/src/main/webapp/app.js

 line 38

 if (keycloak.authenticated) {
        req.setRequestHeader('Authorization', 'Bearer ' +
keycloak.token);
 }

    I'm  confused about the  difference  between them.  I don't know  When
 I should use access token , and when I should use another one ?
 I am looking forward to your reply.

 thanks ,
 yizhou

 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] Access Token And PRT(request party token), which one should I use to access the resource protected by keycloak