[keycloak-user] Exchange access token to id token
Bill Burke
bburke at redhat.com
Fri Apr 3 15:40:26 EDT 2015
Oh, you have a REST service being invoked on? And you want to get claim
information? Yes, you can get the access token.
AccessToken accessToken =
((KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName())).getToken();
request here is HttpServetRequest
On 4/3/2015 3:29 PM, Ryvlin, Andrey wrote:
> Can I get user id from the access token?
> That's the only token I can get from HTTP Authorization header. Actual login and getting login response happens earlier, at my web application or oauth client.
> So, at my REST implementation class I only have access token.
>
> Thanks!!
>
> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Bill Burke
> Sent: Friday, April 03, 2015 2:20 PM
> To: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Exchange access token to id token
>
> Our access tokens are actually JsonWebTokens packaged in a Json Web Signature. Direct Grant login should also return an IDToken within the Access Token Response.
>
> On 4/3/2015 3:15 PM, Ryvlin, Andrey wrote:
>> Hi,
>>
>> I’m using Keycloak direct grant login to my REST APIs and I need to
>> get authenticated user information for auditing purpose.
>>
>> At my REST implementation class I can get access token from HTTP
>> header by using a request interceptor, but I believe that token is
>> useless for auditing.
>>
>> Is there Keycloak REST API to get id token for the access token?
>>
>> Thank you in advance
>>
>> Andrey Ryvlin
>>
>> Sr. Software Engineer
>>
>>
>> ----------------------------------------------------------------------
>> --
>>
>> This message is only for the use of the intended recipient and may
>> contain information that is CONFIDENTIAL and PROPRIETARY to
>> MorphoTrust USA, Inc. If you are not the intended recipient, please
>> erase all copies of the message and its attachments and notify the sender immediately.
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> ________________________________
>
> This message is only for the use of the intended recipient and may contain information that is CONFIDENTIAL and PROPRIETARY to MorphoTrust USA, Inc. If you are not the intended recipient, please erase all copies of the message and its attachments and notify the sender immediately.
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list