By Marone: February 2020 | last update: March 2020
Obtain JWT AccessToken From Keycloak
Goal
This tutorial is about how to obtain an access token in JWT format from Keycloak.
Used technologies
Keycloak 8.0.1
Curl 7.65
jwt.io
GET AccessToken
Notes:
- We send a POST request to the token endpoint: http://localhost:8090/auth/realms/wstutorial/protocol/openid-connect/token
- We use the openid-connect protocol, which is an authentication layer on top of OAuth 2.0
- Within the POST request we send the data as name=value pairs separated with &
- grant_type=password: we use the user's credentials (the OAuth 2.0 Resource Owner Password Credentials grant) to get the access token
- The response contains access_token and refresh_token. We explain the access_token in the next step
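The following script, added here as an example and not part of the original tutorial, builds the same password-grant request the curl call sends, percent-encodes the name=value pairs so a `&` or `=` inside a password cannot split the body, and parses the JSON answer. The token endpoint is the one named above; the client id, username, password and the sample response are constructed assumptions.

```python
import json
import urllib.parse
import urllib.request

# Endpoint from the tutorial; realm "wstutorial" on a local Keycloak 8 (/auth prefix).
TOKEN_ENDPOINT = "http://localhost:8090/auth/realms/wstutorial/protocol/openid-connect/token"


def build_password_grant_body(client_id, username, password, client_secret=None):
    """Return the form-encoded body for grant_type=password.

    urlencode percent-encodes each value, so '&' and '=' inside a password
    stay inside their own name=value pair instead of breaking the body.
    """
    fields = {
        "grant_type": "password",
        "client_id": client_id,
        "username": username,
        "password": password,
    }
    if client_secret is not None:  # only confidential clients send a secret
        fields["client_secret"] = client_secret
    return urllib.parse.urlencode(fields)


def parse_token_response(raw_json):
    """Pick the fields we care about out of the token endpoint's JSON answer."""
    data = json.loads(raw_json)
    if "error" in data:  # Keycloak answers e.g. invalid_grant for bad credentials
        raise RuntimeError(
            f"token request failed: {data['error']}: {data.get('error_description', '')}"
        )
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),
        "expires_in": data["expires_in"],
        "token_type": data["token_type"],
    }


def request_token(client_id, username, password, client_secret=None, endpoint=TOKEN_ENDPOINT):
    """POST to the token endpoint and return the parsed answer (needs a running Keycloak)."""
    body = build_password_grant_body(client_id, username, password, client_secret).encode()
    req = urllib.request.Request(
        endpoint,
        data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read().decode())


if __name__ == "__main__":
    # Constructed sample of a Keycloak answer so the parser can be exercised offline;
    # the token strings are placeholders, not real tokens.
    sample = json.dumps({
        "access_token": "eyJhbGciOiJSUzI1NiJ9.e30.c2ln",
        "expires_in": 300,
        "refresh_expires_in": 1800,
        "refresh_token": "eyJhbGciOiJIUzI1NiJ9.e30.c2ln",
        "token_type": "bearer",
        "not-before-policy": 0,
        "session_state": "constructed-session-id",
        "scope": "email profile",
    })
    print(parse_token_response(sample))
    # Against a real server (assumed client id "my-client", user "alice"):
    # print(request_token("my-client", "alice", "alice-password")["access_token"])
```

The access_token expires after `expires_in` seconds (300 by default in Keycloak), so a client keeps the refresh_token to get a new one rather than re-sending the password.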
Access token Payload
Notes:
- The payload contains standard claims, which are defined by the JWT specification, for example:
  - "iss" : Issuer
  - "sub" : Subject
  - "aud" : Audience
  - "exp" : Expiration Time
  - "nbf" : Not Before
- Some claims are part of the OpenID Connect (OIDC) specification, for example:
  - "preferred_username" : Shorthand name by which the End-User wishes to be referred to
  - "email_verified" : whether the End-User's e-mail address has been verified
- Some claims are specific to Keycloak:
  - "realm_access" : the roles assigned to the user at the realm level
  - "resource_access" : the roles assigned to the user for a specific client
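As an added example (not from the original tutorial), the script below does what jwt.io does with the access_token: it base64url-decodes the payload segment and reads the standard, OIDC and Keycloak claims listed above, including the realm and client roles. The sample payload is constructed (the issuer matches the realm above; the user id, roles and timestamps are assumptions). Decoding without checking the signature is fine for inspection, but a resource server must verify the signature against the realm's public keys before trusting any claim.

```python
import base64
import json
import time


def _b64url_decode(segment):
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_payload(token):
    """Return the payload of a compact JWT as a dict WITHOUT verifying the signature.

    Only for inspection: nothing here proves the token was issued by Keycloak.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def claim_summary(payload, now=None):
    """Pull out the standard, OIDC and Keycloak-specific claims named in the notes."""
    now = time.time() if now is None else now
    realm_roles = payload.get("realm_access", {}).get("roles", [])
    # resource_access is keyed by client id; each entry carries that client's roles
    client_roles = {
        client: access.get("roles", [])
        for client, access in payload.get("resource_access", {}).items()
    }
    return {
        "issuer": payload.get("iss"),
        "subject": payload.get("sub"),
        "audience": payload.get("aud"),
        "preferred_username": payload.get("preferred_username"),
        "email_verified": payload.get("email_verified"),
        "expired": now >= payload.get("exp", 0),      # exp is a Unix timestamp
        "not_yet_valid": now < payload.get("nbf", 0),  # nbf likewise
        "realm_roles": realm_roles,
        "client_roles": client_roles,
    }


def make_sample_token(payload):
    """Build a constructed token with a dummy signature so the decoder runs offline."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT", "kid": "constructed"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    return f"{header}.{body}.{_b64url_encode(b'not-a-real-signature')}"


# Constructed payload shaped like a Keycloak access token for the tutorial's realm.
SAMPLE_PAYLOAD = {
    "iss": "http://localhost:8090/auth/realms/wstutorial",
    "sub": "constructed-user-id",
    "aud": "account",
    "exp": 1_600_000_300,
    "nbf": 0,
    "iat": 1_600_000_000,
    "typ": "Bearer",
    "preferred_username": "alice",
    "email_verified": True,
    "realm_access": {"roles": ["offline_access", "uma_authorization"]},
    "resource_access": {"account": {"roles": ["manage-account", "view-profile"]}},
}


if __name__ == "__main__":
    token = make_sample_token(SAMPLE_PAYLOAD)
    summary = claim_summary(decode_payload(token), now=1_600_000_100)
    print(json.dumps(summary, indent=2))
```

For real validation, fetch the realm's signing keys from the certs endpoint (http://localhost:8090/auth/realms/wstutorial/protocol/openid-connect/certs) and let a JWT library verify the RS256 signature, the `iss` and the `exp` before acting on `realm_access` or `resource_access`.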