
Terminology

access token
A token meant for gaining access to auth APIs. It represents either the client, or the user on behalf of a client. It is used to gain access to the auth API, which will eventually issue the RPT that is ultimately needed.
API
The API of the Obelisk platform. This is the whole service we are trying to gain access to.
auth API
The authorization part of the API of the Obelisk platform. You need access to this first (using an access token) in order to obtain the RPT that is eventually needed.
authN
Short for authentication, the act of identifying oneself.
authZ
Short for authorization, the act of gaining access to something.
client
The client application that will use the backend. This may be on behalf of a user, or on behalf of the client itself.
client credentials
The set of client_id (and sometimes client_secret) that identifies your client to the Keycloak server.
id_token
A JWT token issued by the Identity Provider, representing the authentication process and the user. This token is meant for the client, so it can customize the experience for the user.
token
The token that represents either the client, or the user on behalf of a client.
RPT
Requesting Party Token. This is the actual token that will be used to query the API. It represents the authorizations given to the client to act on its own or on its user's behalf when accessing resources from the API.
refresh_token
A token that can be used to ask for a new access token without needing to log in again.
user
The user of the client application, which is a person.