[keycloak-user] Obtaining RPT with Keycloak installed

Pedro Igor Silva psilva at redhat.com
Tue Sep 11 07:30:30 EDT 2018


On Tue, Sep 11, 2018 at 6:58 AM, keycloak demo <testoauth55 at gmail.com>
wrote:

> I am using keycloak installed through which I can obtain access token. like
> this:
>
> *keycloakinstalled.loginDesktop();*
> *AccessToken token = keycloak.getToken();*
>
> But how can I obtain RPT (Requesting Party Token) in case of
> keycloakinstalled?
>
> I have followed the doc:
> https://www.keycloak.org/docs/4.3/authorization_services/#
> obtaining-user-entitlements
> which
> gives a way to request RPT by using AuthzClient. But how can it be done if
> I am using keycloakinstalled?
>
> Also by decoding the RPT and accessToken I can see that RPT has
> authorization & permissions info which Access Token does not have:
>
> "authorization": { "permissions": [.....
>
>
> In summary, I have 2 questions:
>
> 1. Which one (Access token or RPT) should be used if I want to use
> authorization in my client application? What is the exact difference in
> terms of usage between the two?
>

The main difference between the two is that RPT gives you additional claims
representing permissions with a specific audience set to the target
resource server. RPTs are also obtained using a different grant type.


>
> 2. How can the RPT be obtained in case of Keycloak installed?
>

I have never tested this before, could you please fill a JIRA with more
details about what you are trying to achieve with keycloak installed. Need
to check if we could implement something for better support of RPTs.


> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list