How To Dev - Example: Get access token/refresh token via user credentials

×

Warning message

You can't delete this newsletter because it has not been sent to all its subscribers.

 

To get access token and refresh token associated with a user the following REST API is available:

POST https://www.snap4city.org/auth/realms/master/protocol/openid-connect/token

Content-Type: application/x-www-form-urlencoded

grant_type=password&client_id=xxx&username=…user…&password=…password…

This is the case where the client_id xxx is a public client (a mobile app or a one page app), if it is a confidential client also the client_secret parameter needs to be provided. The clients need to be registered in keycloak.

Return 200 if the user and password match

{

    "access_token": "…",

    "expires_in": 1500,

    "refresh_expires_in": 2073600,

    "refresh_token": "…",

    "token_type": "bearer",

    "not-before-policy": 0,

    "session_state": "…"

}

The access_token has a limited lifetime (1500 seconds) after that period you can use the refresh token to request a new access token, also the refresh token has a limited life time.

Return 401 if the user credentials are not correct or the client_id is not present

{

    "error": "invalid_grant",

    "error_description": "Invalid user credentials"