[keycloak-user] Access Token And PRT(request party token), which one should I use to access the resource protected by keycloak

Yizhou Jiang(Yizhou) yizhoujiang at hengtiansoft.com
Mon Apr 17 10:22:25 EDT 2017


Hi Pedro Igor,

Thanks for your reply, but I still have some confusion.

https://keycloak.gitbooks.io/documentation/authorization_services/topics/enforcer/keycloak-enforcement-filter.html has text like the following:
To enable policy enforcement for your application, add the following property to your keycloak.json file:
keycloak.json
{
  "policy-enforcer": {}
}


So the example https://github.com/keycloak/keycloak-quickstarts/tree/master/service-jee-jaxrs is protected by a policy enforcer, because there is

{
  "policy-enforcer": {}
}

in the keycloak.json file which was downloaded from the Keycloak server.

But the example https://github.com/keycloak/keycloak-quickstarts/blob/master/app-jee-html5/src/main/webapp/app.js
calls the services using an Access Token, NOT a PRT.



Thanks,
yizhou

From: Pedro Igor Silva [mailto:psilva at redhat.com]
Sent: Monday, April 17, 2017 7:23 PM
To: Yizhou Jiang(Yizhou)
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Access Token And PRT(request party token), which one should I use to access the resource protected by keycloak

Hi,

If your resources are protected with a policy enforcer you should send an RPT. This token is pretty much an access token with an additional claim holding the permissions.

Regards.
Pedro Igor

On Mon, Apr 17, 2017 at 6:08 AM, Yizhou Jiang(Yizhou) <yizhoujiang at hengtiansoft.com> wrote:
Hi,
By reading the Keycloak documentation, I found that I can use an access token or a PRT (request party token) to access the resources protected by Keycloak.

1. Use PRT: https://keycloak.gitbooks.io/documentation/authorization_services/topics/enforcer/keycloak-enforcement-bearer.html

GET /my-resource-server/my-protected-resource HTTP/1.1
Host: host.com
Authorization: Bearer ${RPT}

2. Use access token: https://github.com/keycloak/keycloak-quickstarts/blob/master/app-jee-html5/src/main/webapp/app.js

line 38

if (keycloak.authenticated) {
       req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);
}

I'm confused about the difference between them. I don't know when I should use the access token and when I should use the other one.
I am looking forward to your reply.

Thanks,
yizhou
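
The distinction described in this thread (an RPT is an access token with an additional claim holding the permissions), as an added example that is not part of the original messages or of Keycloak's code. The claim layout `authorization.permissions` with `rsname` and `scopes` is an assumption based on Keycloak's RPT format; the sample tokens are constructed and unsigned.

```javascript
// Added example: inspection only. A real resource server must verify the
// token's signature, issuer, audience and expiry before trusting any claim.

// Decode the payload (second segment) of a compact JWT without verifying it.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Assumed RPT layout: payload.authorization.permissions = [{ rsname, scopes }].
// Returns the permission list, or null when the claim is absent.
function permissionsOf(token) {
  const auth = decodeJwtPayload(token).authorization;
  return auth && Array.isArray(auth.permissions) ? auth.permissions : null;
}

// 'rpt' when the permissions claim is present, otherwise 'access-token'.
function tokenKind(token) {
  return permissionsOf(token) === null ? 'access-token' : 'rpt';
}

// True only if the token carries a permission for the resource
// (and for the scope, when one is requested). A plain access token never does.
function grants(token, resourceName, scope) {
  const perms = permissionsOf(token) || [];
  return perms.some(p => p.rsname === resourceName &&
    (scope === undefined || (Array.isArray(p.scopes) && p.scopes.includes(scope))));
}

// Hypothetical helper: build a constructed, unsigned sample token for the demo.
function makeSample(payload) {
  const enc = o => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}

// Constructed samples: same subject, with and without the permissions claim.
const SAMPLE_ACCESS_TOKEN = makeSample({ sub: 'constructed-user' });
const SAMPLE_RPT = makeSample({
  sub: 'constructed-user',
  authorization: { permissions: [{ rsname: 'my-protected-resource', scopes: ['view'] }] },
});

console.log(tokenKind(SAMPLE_ACCESS_TOKEN), tokenKind(SAMPLE_RPT));
```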
