[keycloak-user] access_token always contains JWT
Raghuram Prabhala
prabhalar at yahoo.com
Fri Feb 5 07:47:03 EST 2016
Access token is implementation specific. Some commercial software have the concept of "reference tokens" which are nothing but random strings indicated below. The clients have to query back the Authorization server to get a validated JWT token
From: Stian Thorgersen <sthorger at redhat.com>
To: manfred.duchrow at caprica.biz
Cc: keycloak-user <keycloak-user at lists.jboss.org>
Sent: Friday, February 5, 2016 7:10 AM
Subject: Re: [keycloak-user] access_token always contains JWT
There's no such thing as a "simple token". Tokens are always a signed JWT.
On 5 February 2016 at 11:17, <manfred.duchrow at caprica.biz> wrote:
Hi,
I am trying to retrieve an access token from a Keycloak (1.8.0.Final)
service account by
POST /auth/realms/myrealm/protocol/openid-connect/token
with grant_type=client_credentials.
The result contains a signed JWT as value of field "access_token" rather
than a simple token
as described in chapter 18 (Service Accounts) of the user guide.
So what I expect (need) is a response like this:
{
"access_token":"2YotnFZFEjr1zCsicMWpAA",
"token_type":"bearer",
"expires_in":60,
"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
"refresh_expires_in":600,
"id_token":"tGzv3JOkF0XG5Qx2TlKWIA",
"not-before-policy":0,
"session-state":"234234-234234-234234"
}
Is there a way to configure the account or the realm to return a simple
token
in "access_token" (and "refresh_token") rather than a JWT?
Cheers,
Manfred
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160205/396739d2/attachment-0001.html
More information about the keycloak-user
mailing list