keycloak-scim/authorization_services/topics/service/rpt/overview.adoc

[[_service_rpt_overview]]
=== Requesting Party Token

A requesting party token (RPT) is a https://tools.ietf.org/html/rfc7519[JSON web token (JWT)] digitally signed using https://www.rfc-editor.org/rfc/rfc7515.txt[JSON web signature (JWS)]. The token is built based on the OAuth2 access token previously issued by {project_name} to a specific client acting on behalf of an user
or on its own behalf.

When you decode an RPT, you see a payload similar to the following:

```json
{
  "authorization": {
      "permissions": [
        {
          "resource_set_id": "d2fe9843-6462-4bfc-baba-b5787bb6e0e7",
          "resource_set_name": "Hello World Resource"
        }
      ]
  },
  "jti": "d6109a09-78fd-4998-bf89-95730dfd0892-1464906679405",
  "exp": 1464906971,
  "nbf": 0,
  "iat": 1464906671,
  "sub": "f1888f4d-5172-4359-be0c-af338505d86c",
  "typ": "kc_ett",
  "azp": "hello-world-authz-service"
}
```

From this token you can obtain all permissions granted by the server from the *permissions* claim.

Also note that permissions are directly related with the resources/scopes you are protecting and complete decoupled from
the access control methods that were used to actually grant and issue these same permissions.
Improvements and documenting new entitlement request metadata 2017-06-02 19:10:00 +00:00			`[[_service_rpt_overview]]`
Group policy docs and minor fixes to summary 2017-09-22 18:23:59 +00:00			`=== Requesting Party Token`
Improvements and documenting new entitlement request metadata 2017-06-02 19:10:00 +00:00
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`A requesting party token (RPT) is a https://tools.ietf.org/html/rfc7519[JSON web token (JWT)] digitally signed using https://www.rfc-editor.org/rfc/rfc7515.txt[JSON web signature (JWS)]. The token is built based on the OAuth2 access token previously issued by {project_name} to a specific client acting on behalf of an user`
Improvements and documenting new entitlement request metadata 2017-06-02 19:10:00 +00:00			`or on its own behalf.`

			`When you decode an RPT, you see a payload similar to the following:`

			```json
			`{`
			`"authorization": {`
			`"permissions": [`
			`{`
			`"resource_set_id": "d2fe9843-6462-4bfc-baba-b5787bb6e0e7",`
			`"resource_set_name": "Hello World Resource"`
			`}`
			`]`
			`},`
			`"jti": "d6109a09-78fd-4998-bf89-95730dfd0892-1464906679405",`
			`"exp": 1464906971,`
			`"nbf": 0,`
			`"iat": 1464906671,`
			`"sub": "f1888f4d-5172-4359-be0c-af338505d86c",`
			`"typ": "kc_ett",`
			`"azp": "hello-world-authz-service"`
			`}`
			```

			`From this token you can obtain all permissions granted by the server from the permissions claim.`

			`Also note that permissions are directly related with the resources/scopes you are protecting and complete decoupled from`
			`the access control methods that were used to actually grant and issue these same permissions.`