How To Dev - Example: Get access token/refresh token via user credentials


To get an access token and a refresh token associated with a user, the following REST API is available:


Content-Type: application/x-www-form-urlencoded


This is the case where the client_id xxx is a public client (a mobile app or a single-page app). If it is a confidential client, the client_secret parameter must also be provided. Clients need to be registered in Keycloak.

Returns 200 if the user and password match:


    {
        "access_token": "…",
        "expires_in": 1500,
        "refresh_expires_in": 2073600,
        "refresh_token": "…",
        "token_type": "bearer",
        "not-before-policy": 0,
        "session_state": "…"
    }


The access_token has a limited lifetime (1500 seconds). After that period you can use the refresh token to request a new access token. The refresh token also has a limited lifetime.

Returns 401 if the user credentials are not correct or the client_id is not present:


    {
        "error": "invalid_grant",
        "error_description": "Invalid user credentials"
    }
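The following is an added example, not part of the original page or of Keycloak's own code. It shows how a client can build the form-encoded request bodies for public and confidential clients, and how it can use the two lifetimes in the reply to decide whether to use the access token, refresh it, or ask the user to log in again. The `grant_type`, `username`, `password` and `refresh_token` parameter names are the standard OAuth 2.0 ones and are an assumption here, as are the function names, the 30-second safety margin and the sample replies, which are constructed.

```python
import json
from urllib.parse import urlencode

# Constructed sample replies in the shape shown above (token values are dummies).
SAMPLE_OK = json.dumps({"access_token": "aaa", "expires_in": 1500,
                        "refresh_expires_in": 2073600, "refresh_token": "rrr",
                        "token_type": "bearer", "session_state": "sss"})
SAMPLE_401 = json.dumps({"error": "invalid_grant",
                         "error_description": "Invalid user credentials"})

class TokenError(Exception):
    """Raised for any non-200 reply from the token endpoint."""

def _form(grant_type, client_id, client_secret, **fields):
    # grant_type/username/password/refresh_token are the standard OAuth 2.0
    # parameter names (assumed here; the page only names client_id/client_secret).
    form = {"grant_type": grant_type, "client_id": client_id, **fields}
    if client_secret is not None:      # confidential clients only
        form["client_secret"] = client_secret
    return urlencode(form)             # application/x-www-form-urlencoded

def password_grant_body(client_id, username, password, client_secret=None):
    return _form("password", client_id, client_secret,
                 username=username, password=password)

def refresh_grant_body(client_id, refresh_token, client_secret=None):
    return _form("refresh_token", client_id, client_secret,
                 refresh_token=refresh_token)

def parse_token_response(status, body, now):
    """Convert relative lifetimes into absolute expiry times; raise on errors."""
    data = json.loads(body)
    if status != 200:
        raise TokenError(f"{status} {data.get('error')}: {data.get('error_description')}")
    return {"access_token": data["access_token"],
            "refresh_token": data["refresh_token"],
            "access_expires_at": now + data["expires_in"],
            "refresh_expires_at": now + data["refresh_expires_in"]}

def next_action(tokens, now, skew=30):
    """What the client must do before its next API call (skew is a safety margin)."""
    if now < tokens["access_expires_at"] - skew:
        return "use_access_token"
    if now < tokens["refresh_expires_at"] - skew:
        return "refresh"
    return "login_again"

if __name__ == "__main__":
    tokens = parse_token_response(200, SAMPLE_OK, now=0)
    for t in (0, 1490, 2073600):
        print(t, next_action(tokens, t))
```

Passing `now` in explicitly keeps the expiry logic testable; in a real client it would be the current time in seconds at the moment the reply was received.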