Authorization
All requests to the API of the Digital Twin Registry must be authorized by including the 'Authorization' HTTP header with the value 'Bearer <token>', where <token> is a valid JSON Web Token (JWT).
The JWT is obtained from the Keycloak API using either the Implicit Flow or the Client Credentials Flow, depending on whether a user or a service wants to access the Digital Twin Registry.
The authorization URLs for both the Implicit Flow and the Client Credentials Flow can be found by expanding the Authorizations section here.
Roles
The roles assigned to a client or user are included in the token issued by Keycloak. The Digital Twin Registry extracts the roles from the token to authenticate the client or user.
Find a detailed description of all roles at Concepts > Authorization.
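Added example (not part of the registry's documentation or code): building the Client Credentials token request, reading the roles carried in a token, and attaching the token as the Bearer header, using only the Python standard library. The URLs, the client id `my-service`, the role names and the sample token are constructed placeholders, and reading roles from Keycloak's default `realm_access` and `resource_access` claims is an assumption about how this deployment maps roles.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholders: take the real token URL from the registry's Authorizations section.
TOKEN_URL = "https://keycloak.example/realms/REALM/protocol/openid-connect/token"
REGISTRY_URL = "https://registry.example/PLACEHOLDER-PATH"

def token_request(client_id, client_secret):
    """Build (not send) the OAuth 2.0 Client Credentials token request."""
    form = urllib.parse.urlencode({"grant_type": "client_credentials",
        "client_id": client_id, "client_secret": client_secret}).encode()
    return urllib.request.Request(TOKEN_URL, data=form, method="POST")

def claims(jwt):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def roles(jwt, client_id):
    """Collect realm roles and the client's roles (assumed Keycloak default claims)."""
    c = claims(jwt)
    realm = c.get("realm_access", {}).get("roles", [])
    client = c.get("resource_access", {}).get(client_id, {}).get("roles", [])
    return sorted(set(realm) | set(client))

def registry_request(jwt):
    """Attach the token as the Authorization header the registry requires."""
    return urllib.request.Request(REGISTRY_URL, headers={"Authorization": f"Bearer {jwt}"})

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (unsigned, made-up role names) so the example runs offline.
SAMPLE_JWT = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"azp": "my-service", "exp": 1700000000,
          "realm_access": {"roles": ["offline_access"]},
          "resource_access": {"my-service": {"roles": ["twin-reader"]}}}),
    "constructed-signature",
])

if __name__ == "__main__":
    print(roles(SAMPLE_JWT, "my-service"))
```

Listing the roles before calling the registry shows whether a rejected request is caused by a missing role or by the token itself.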