3:23 a.m.
First thanks for all the help I have had so far.
I currently have a client using direct access to get a grant from KeyCloak
via the protocol/openid-connect/token url.
The two direct access requests I need that I am having problems tracking
down are;
1) Getting a new grant using the refresh_token
2) Getting a grant for a bearer only client using (I assume the access
token).
Chris
6:18 a.m.
----- Original Message -----
From: "Christopher Davies"
<christopher.james.davies(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Sent: Thursday, 20 August, 2015 10:23:34 AM
Subject: [keycloak-user] Can some one point me in the right direction
First thanks for all the help I have had so far.
I currently have a client using direct access to get a grant from KeyCloak
via the protocol/openid-connect/token url.
The two direct access requests I need that I am having problems tracking down
are;
1) Getting a new grant using the refresh_token
This uses standard openid-connect protocols, send a post to the token endpoint with the
following attributes in the post:
* grant=refresh_token
* refresh_token=<refresh token>
If it's a public client include client_id=<client id>, or if it's a
confidential either include client_id and client_secret or use "Authorization:
Bearer"
2) Getting a grant for a bearer only client using (I assume the
access
token).
Bearer only clients are not allowed to obtain tokens.
Chris
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:55 a.m.
Stian - thanks for getting back to me. I have managed to get the refesh
tokens to work. For some reason I did not need to pass the Authorization
header.
In terms of the Bearer only client. Is there no way to get a token for a
bearer only client.
My senario is that the user logs in to a desktop app that validates its
self via SSO and gets a token to use the desktop app
The user then wishes to use a service on a server. The server has been set
up as a bearer only service (this may be in-corret).
The user wishes to use his current grant to obtain a grant for the service
on the server.
I thought that while playing with the javascript API I had managed to get
the token for a bearer only service and so hoped I could do the same with a
grant obtained by Direct Access
Chris
On Thu, Aug 20, 2015 at 12:18 PM Stian Thorgersen <stian(a)redhat.com> wrote:
----- Original Message -----
> From: "Christopher Davies" <christopher.james.davies(a)gmail.com>
> To: keycloak-user(a)lists.jboss.org
> Sent: Thursday, 20 August, 2015 10:23:34 AM
> Subject: [keycloak-user] Can some one point me in the right direction
>
> First thanks for all the help I have had so far.
>
> I currently have a client using direct access to get a grant from
KeyCloak
> via the protocol/openid-connect/token url.
>
> The two direct access requests I need that I am having problems tracking
down
> are;
> 1) Getting a new grant using the refresh_token
This uses standard openid-connect protocols, send a post to the token
endpoint with the following attributes in the post:
* grant=refresh_token
* refresh_token=<refresh token>
If it's a public client include client_id=<client id>, or if it's a
confidential either include client_id and client_secret or use
"Authorization: Bearer"
> 2) Getting a grant for a bearer only client using (I assume the access
> token).
Bearer only clients are not allowed to obtain tokens.
>
> Chris
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
3416
days inactive
3416
days old
2 comments
2 participants
participants (2)
-
Christopher Davies -
Stian Thorgersen