All requests to the API of the Digital Twin Registry must be authorized by including the 'Authorization' HTTP header with the value 'Bearer token', where the token is a valid JSON Web Token (JWT).
The JWT is obtained from the Keycloak API using either the Implicit Flow or the Client Credentials Flow, depending on whether a user or a service wants to access the Digital Twin Registry.
The authorization URLs for the Implicit Flow and the Client Credentials Grant can be found here.
The roles assigned to a client or user are included in the token issued by Keycloak. The Digital Twin Registry extracts the roles from the token to authorize the client or user.
Find a detailed description of all roles at Concepts > Authorization.
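The following client-side sketch is an added example, not code from the Digital Twin Registry project. It builds the Client Credentials Flow request, lists the roles carried in a token, and produces the 'Authorization' header. Assumptions: the token URL, the client id `registry-client` and the role name `view_digital_twin` are hypothetical, and roles are read from Keycloak's default `realm_access` / `resource_access` claims.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

def token_request(token_url, client_id, client_secret):
    """Build (not send) the Client Credentials Flow request for Keycloak's token endpoint."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(token_url, data=body, method="POST")

def claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def roles(jwt, client_id):
    """Realm roles plus the roles granted for client_id (Keycloak default claim layout)."""
    c = claims(jwt)
    realm = c.get("realm_access", {}).get("roles", [])
    client = c.get("resource_access", {}).get(client_id, {}).get("roles", [])
    return sorted(set(realm) | set(client))

def authorization_header(jwt, now=None):
    """Return the header the registry expects, refusing tokens that have already expired."""
    exp = claims(jwt).get("exp")
    if exp is not None and exp <= (time.time() if now is None else now):
        raise ValueError("token expired; request a new one")
    return {"Authorization": "Bearer " + jwt}

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token: placeholder signature, hypothetical client id and role names.
SAMPLE_JWT = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"exp": 4102444800, "realm_access": {"roles": ["offline_access"]},
          "resource_access": {"registry-client": {"roles": ["view_digital_twin"]}}}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    print(roles(SAMPLE_JWT, "registry-client"))
```

Decoding the claims on the client is only useful for diagnosing a rejected request, such as a missing role or an expired token; the signature check that makes the token trustworthy happens on the server side.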