To obtain the access token and refresh token associated with a user, the following REST API is available:
POST https://www.snap4city.org/auth/realms/master/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=password&client_id=xxx&username=…user…&password=…password…
This is the case where the client_id xxx is a public client (a mobile app or a single-page app); if it is a confidential client, the client_secret parameter must also be provided. Clients need to be registered in Keycloak.
Returns 200 if the username and password match:
{
  "access_token": "…",
  "expires_in": 1500,
  "refresh_expires_in": 2073600,
  "refresh_token": "…",
  "token_type": "bearer",
  "not-before-policy": 0,
  "session_state": "…"
}
The access_token has a limited lifetime (1500 seconds, as given by expires_in); after that period, use the refresh_token to request a new access token. The refresh token also has a limited lifetime (refresh_expires_in).
Returns 401 if the user credentials are incorrect or the client_id is not present:
{
  "error": "invalid_grant",
  "error_description": "Invalid user credentials"
}
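The flow described above (password grant, expiry tracking, refresh) as a small Python client. This is an added example, not Snap4City or Keycloak project code. It assumes the endpoint URL shown above, the standard OAuth2 grant_type=refresh_token form for the refresh step, and an injectable transport so the logic can be exercised against constructed responses without network access; the sample responses, client_id and credentials are constructed values, not real tokens.

```python
"""Password-grant login and refresh against the Snap4City Keycloak token endpoint.

Added example (not project code). The transport is injectable so the flow can be
run offline against constructed responses; urllib_transport is the real one.
"""
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://www.snap4city.org/auth/realms/master/protocol/openid-connect/token"


class TokenError(Exception):
    """Keycloak answered with an error document (e.g. HTTP 401 invalid_grant)."""


def password_grant_body(client_id, username, password, client_secret=None):
    """Form body for grant_type=password. client_secret is sent only for a
    confidential client; a public client (mobile app, single-page app) must not
    embed a secret, so it is left out by default."""
    fields = {"grant_type": "password", "client_id": client_id,
              "username": username, "password": password}
    if client_secret is not None:
        fields["client_secret"] = client_secret
    return urllib.parse.urlencode(fields)


def refresh_grant_body(client_id, refresh_token, client_secret=None):
    """Form body for the standard OAuth2 refresh step (assumption: grant_type=refresh_token)."""
    fields = {"grant_type": "refresh_token", "client_id": client_id,
              "refresh_token": refresh_token}
    if client_secret is not None:
        fields["client_secret"] = client_secret
    return urllib.parse.urlencode(fields)


def urllib_transport(url, body):
    """Real transport: POST the form-encoded body, return (status, response_text).
    HTTP errors (401 here) are returned rather than raised so the JSON body is kept."""
    req = urllib.request.Request(
        url, data=body.encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def request_tokens(body, transport=urllib_transport, now=time.time):
    """Send a grant request and convert the response into absolute expiry times.
    Tokens are never logged; only error codes/descriptions go into exceptions."""
    status, text = transport(TOKEN_URL, body)
    data = json.loads(text)
    if status != 200 or "access_token" not in data:
        raise TokenError(f"{status}: {data.get('error')} - {data.get('error_description')}")
    issued = now()
    return {
        "access_token": data["access_token"],
        "refresh_token": data["refresh_token"],
        "access_expires_at": issued + data["expires_in"],          # 1500 s in the example
        "refresh_expires_at": issued + data["refresh_expires_in"],  # 2073600 s in the example
    }


def needs_refresh(tokens, now=time.time, margin=60):
    """True when the access token is within `margin` seconds of expiring."""
    return now() >= tokens["access_expires_at"] - margin


def login(client_id, username, password, client_secret=None,
          transport=urllib_transport, now=time.time):
    body = password_grant_body(client_id, username, password, client_secret)
    return request_tokens(body, transport, now)


def refresh(client_id, tokens, client_secret=None, transport=urllib_transport, now=time.time):
    """Exchange the refresh token for a new pair; once it has expired the user must log in again."""
    if now() >= tokens["refresh_expires_at"]:
        raise TokenError("refresh token expired; a new password grant is required")
    body = refresh_grant_body(client_id, tokens["refresh_token"], client_secret)
    return request_tokens(body, transport, now)


# Constructed sample responses mirroring the documented shapes (not real tokens).
SAMPLE_OK = json.dumps({"access_token": "ACCESS-1", "expires_in": 1500,
                        "refresh_expires_in": 2073600, "refresh_token": "REFRESH-1",
                        "token_type": "bearer", "not-before-policy": 0,
                        "session_state": "sess-1"})
SAMPLE_401 = json.dumps({"error": "invalid_grant",
                         "error_description": "Invalid user credentials"})

if __name__ == "__main__":
    # Offline walk-through with the constructed responses and a fixed clock.
    toks = login("my-app", "alice", "s3cret",
                 transport=lambda u, b: (200, SAMPLE_OK), now=lambda: 1000.0)
    print("refresh needed at t=2000?", needs_refresh(toks, now=lambda: 2000.0))
    print("refresh needed at t=2450?", needs_refresh(toks, now=lambda: 2450.0))
    try:
        login("my-app", "alice", "wrong", transport=lambda u, b: (401, SAMPLE_401))
    except TokenError as exc:
        print("login failed:", exc)
```

The real transport keeps the 401 body instead of raising, so the `invalid_grant` document shown above reaches the caller as a `TokenError` with the error description and nothing else; the access and refresh tokens are stored but never printed. Calling `needs_refresh` before each API request, with a margin, avoids sending a token that expires in flight.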