[keycloak-user] Can some one point me in the right direction

Christopher Davies christopher.james.davies at gmail.com
Thu Aug 20 09:55:20 EDT 2015


Stian - thanks for getting back to me. I have managed to get the refesh
tokens to work. For some reason I did not need to pass the Authorization
header.

In terms of the Bearer only client. Is there no way to get a token for a
bearer only client.

My senario is that the user logs in to a desktop app that validates its
self via SSO and gets a token to use the desktop app
The user then wishes to use a service on a server. The server has been set
up as a bearer only service (this may be in-corret).
The user wishes to use his current grant to obtain a grant for the service
on the server.

I thought that while playing with the javascript API I had managed to get
the token for a bearer only service and so hoped I could do the same with a
grant obtained by Direct Access

Chris


On Thu, Aug 20, 2015 at 12:18 PM Stian Thorgersen <stian at redhat.com> wrote:

>
>
> ----- Original Message -----
> > From: "Christopher Davies" <christopher.james.davies at gmail.com>
> > To: keycloak-user at lists.jboss.org
> > Sent: Thursday, 20 August, 2015 10:23:34 AM
> > Subject: [keycloak-user] Can some one point me in the right direction
> >
> > First thanks for all the help I have had so far.
> >
> > I currently have a client using direct access to get a grant from
> KeyCloak
> > via the protocol/openid-connect/token url.
> >
> > The two direct access requests I need that I am having problems tracking
> down
> > are;
> > 1) Getting a new grant using the refresh_token
>
> This uses standard openid-connect protocols, send a post to the token
> endpoint with the following attributes in the post:
> * grant=refresh_token
> * refresh_token=<refresh token>
>
> If it's a public client include client_id=<client id>, or if it's a
> confidential either include client_id and client_secret or use
> "Authorization: Bearer"
>
> > 2) Getting a grant for a bearer only client using (I assume the access
> > token).
>
> Bearer only clients are not allowed to obtain tokens.
>
> >
> > Chris
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150820/8ba021b8/attachment.html 


More information about the keycloak-user mailing list