[keycloak-user] Access Token And PRT(request party token), which one should I use to access the resource protected by keycloak

Pedro Igor Silva psilva at redhat.com
Mon Apr 17 13:02:32 EDT 2017 

On Mon, Apr 17, 2017 at 11:22 AM, Yizhou Jiang(Yizhou) <
yizhoujiang at hengtiansoft.com> wrote:

> Hi Pedro Igor,
>
>
>
>          Thanks for your reply. but  I still have some confusion.
>
>
>
>             https://keycloak.gitbooks.io/documentation/authorization_
> services/topics/enforcer/keycloak-enforcement-filter.html  have text like
> follow:
>
> To enable policy enforcement for your application, add the following
> property to your *keycloak.json* file:
>
> keycloak.json
>
> {
>
>   "policy-enforcer": {}
>
> }
>
>
>
>  so ,the example  https://github.com/keycloak/keycloak-quickstarts/tree/master/service-jee-jaxrs   is protected  by a policy enforcer.  Because  there is
>
>
>
> *{*
>
>   *"policy-enforcer"**: {}*
>
> *}*
>
>
>
> in   *keycloak.json* file  which was  downloaded from the keycloak server.
>
>
>
> But the example https://github.com/keycloak/keycloak-quickstarts/blob/
> master/app-jee-html5/src/main/webapp/app.js
>
> call the  services  using Access Token NOT PRT.
>

In this example, you need to change it in order to use the RPT properly if
you have enabled authz. We have some quickstarts here [1] for RH-SSO. But
none in keycloak-quickstarts repo. Will take with Stian about that.

[1] https://github.com/redhat-developer/redhat-sso-quickstarts/tree/7.1.x


>
>
>
>
>
>
> thanks ,
>
> yizhou
>
>
>
> *From:* Pedro Igor Silva [mailto:psilva at redhat.com]
> *Sent:* Monday, April 17, 2017 7:23 PM
> *To:* Yizhou Jiang(Yizhou)
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Access Token And PRT(request party token),
> which one should I use to access the resource protected by keycloak
>
>
>
> Hi,
>
>
>
> If your resources are protected with a policy enforcer you should send a
> RPT. This token is pretty much an access token with an additional claim
> holding the permissions.
>
>
>
> Regards.
> Pedro Igor
>
>
>
> On Mon, Apr 17, 2017 at 6:08 AM, Yizhou Jiang(Yizhou) <
> yizhoujiang at hengtiansoft.com> wrote:
>
> Hi,
>                By reading the document of KeyCloak ,I found that I can use
> a Access-token  or a PRT(request party token) to access the resources
> protected by keycloak.
>
> 1  Use  PRT: https://keycloak.gitbooks.io/documentation/authorization_
> services/topics/enforcer/keycloak-enforcement-bearer.html
>
> GET /my-resource-server/my-protected-resource HTTP/1.1
> Host: host.com
> Authorization: Bearer ${RPT}
>
> 2  Use access token: https://github.com/keycloak/
> keycloak-quickstarts/blob/master/app-jee-html5/src/main/webapp/app.js
>
> line 38
>
> if (keycloak.authenticated) {
>        req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);
> }
>
>    I'm  confused about the  difference  between them.  I don't know  When
> I should use access token , and when I should use another one ?
> I am looking forward to your reply.
>
> thanks ,
> yizhou
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>

More information about the keycloak-user mailing list