[keycloak-user] Access token does not contain permissions key

Cristi Cioriia cristi.cioriia at gmail.com
Wed Nov 9 08:25:21 EST 2016

Hi guys,

I've introspected an access key for one of my Keycloak applications and
noticed that it does not contain a permissions key in it (as decribed in
but instead it contains a resource_access/Vertx-server/roles key. My
question is:what do I need to do in order to receive a permissions object
in the access token as described in the above document? The url I used for
retrieving the access token looks like this:


My use case looks like this:

I do have in my Vertx-server application a role based policy that uses a
role named "employee" and a permission that protects one of my resources
using that role based policy. Then when my client application named Vert-x
client requests an access token to access the protected resource from the
Vertx-server, the access token looks like this:

  "jti": "565fbecf-1ef5-4059-9309-fe3fca5d74bd",
  "exp": 1478699031,
  "nbf": 0,
  "iat": 1478695431,
  "iss": "http://localhost:9090/auth/realms/master",
  "aud": "Vertex-client",
  "sub": "0ba24c3e-2fe6-49f2-80b1-08023a236cd6",
  "typ": "Bearer",
  "azp": "Vertex-client",
  "auth_time": 1478695431,
  "session_state": "6e262177-dfd3-498f-a1f2-7a09bd04ff42",
  "name": "",
  "preferred_username": "admin",
  "acr": "1",
  "client_session": "9fc92504-a541-4757-8960-19d7f5457384",
  "allowed-origins": [
  "realm_access": {
    "roles": [
  "resource_access": {
    "Vertex-server": {
      "roles": [
    "master-realm": {
      "roles": [
    "account": {
      "roles": [
  "client_id": "Vertex-client",
  "username": "admin",
  "active": true


More information about the keycloak-user mailing list