[keycloak-dev] The best place to get the Request Party Token

Maurício Giacomini Penteado mauriciogiacomini at hotmail.com
Tue Jan 31 07:27:50 EST 2017

Please, I am trying use policy enforcer on my project but I am not having successful.

My app are loging correctly by the two codes:

code 1)
var initOptions = {
     onLoad: 'check-sso',
     responseMode: 'query',
     flow: 'standard'
keycloak.init(initOptions).success(function (authenticated) { ... ... ... }

... and by an angular interceptor:

code 2)
factory('authInterceptor', ['$q', 'keycloak', function ($q, keycloak) {
                return {
                    request: function (config) {
                        var deferred = $q.defer();
                        keycloak.updateToken(30).success(function () {
                            config.headers = config.headers || {};
                            config.headers.Authorization = 'Bearer ' + keycloak.token;
                        }).error(function () {
                            deferred.reject('Failed to refresh token');
                        return deferred.promise;

But, if I enable policy enforcer my service calls are unauthorazed.

It seems to me the best option to use the policy enforcer, in the exact moment that I receive the access token I must change this by an rpt token and from this point forward all my protected service calls will have access to my rpt token.

I have no difficulty using the keycloak-authz.js library to get the rpt token. However, to get this process up and running, I must send a protected resource call and intercept the "WWW-Authenticate" header. I do not see how I can get the rpt token with the codes listed above and If I try to force the rtp token as an authorization header my interceptor it runs and changes the header for my access to the token again.

There is a way to get the rpt token where I am trying or do I have any misconceptions it can not be done in this place?

I will be very grateful if anyone can help me.

Kind regards,
Maurício Penteado.

More information about the keycloak-dev mailing list