Weird question, I know but I am doing a demo on Keycloak and am using the python-flask ‘oidc.get_access_token()’ function to show the different authorization flows. It seems that I get an Token ID returned with this function, not an Access Token. Maybe I’m confusing the two but my understanding is that the Token ID is for the Implicit flow (which I’m using - selected in Keycloak Clients) and the Access token is for the Authorization flow. I tried to get some clarity on this in the docs but can’t seem to find. Thanks in advance for any input.
Hi.
If you get any token (access or token ID) in the flow, that is an implicit flow. Authorization flows only results in a code being returned, which can be exchanged by the client for the (two) tokens later, using a /token call.
Thank you for your response. I have Authorization Flow enabled (only - implicit flow disabled) on Keycloak and it looks like I’m getting an access token returned. The JWT matches the access token noted on the docs.ID Token and Access Token: What Is the Difference?
Are you saying the flow selection on the client in Keycloak doesn’t apply?
-Paul