The SpringSec Adapter offers a KeycloakRestTemplate that will do all the magic for you ;) https://github.com/keycloak/keycloak/blob/master/adapters/oidc/spring-sec... Check an usage example here : https://github.com/foo4u/keycloak-spring-demo/blob/master/product-app/src... To get the token "manually", you can try to access the KeycloakSecurityContext and extract the token from there, look at this method that does this : https://github.com/keycloak/keycloak/blob/master/adapters/oidc/spring-sec... Hope these pointers will help you Sebi On Fri, Nov 25, 2016 at 4:38 PM, java_os <java(a)neposoft.com&gt; wrote: > What's the best practice on this scenario: > -- > SPA (has the token from keycloak.js) -->Rest call--> Bearer_1 -->Rest > call > --> Bearer_2 > > Bearer_1 and Bearer_2 are spring sec/boot enabled. > Rest calls between Bearer_1 and Bearer_2 using resttemplates and > injecting > into "Authorization" header the "Bearer token_long_string" > > Bearer_1 has the KeycloakAuthenticationToken object. > Bearer_2 needs to be feed in with a valid non-expired token somehow - > but > how? Not sure if one can get this out from KeycloakAuthenticationToken > and > pass it in onto the header calls to bearer_2. > Is this the right approach for in-flight rest calls between 2 bearers? > > What's the best practice on this scenario? > Anyone has done this for real? > - thx. > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >