Not authenticated

API OIDC Demo 2

This demo uses three Keycloak browser clients against the realm amsc. Tier 1 issues read-only tokens, tier 2 issues full-access short-lived tokens, and tier 3 reuses the full-access scope set with a longer lifetime and a Keycloak-side eligibility gate. Users can also set allowed IP ranges for their token session, and the backend enforces those ranges on protected endpoints.

Session

Realm: amsc
API Audience: api-oidc-demo-2-api
Active Tier: -
Client: -
Subject: -
Granted Scopes: -
Observed Client IP: -
Allowed Ranges: -

Tier 1 scopes: openid profile demo2.projects.read demo2.reports.read demo2.users.read
Tier 2 scopes: openid profile demo2.projects.read demo2.reports.read demo2.users.read demo2.users.write
Tier 3 scopes: openid profile demo2.projects.read demo2.reports.read demo2.users.read demo2.users.write

IP Policy

Leave the list empty to disable IP-range enforcement for your subject. When set, every protected demo endpoint checks the request IP against these CIDRs.
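
The backend check described above can be sketched as follows. This is an added example, not the demo's own code: it assumes the access token has already been signature- and expiry-verified, that scopes arrive in a space-delimited "scope" claim, and that the per-subject policy is a dict keyed by "sub". The function names, sample subject and sample CIDRs are constructed.

```python
import ipaddress

API_AUDIENCE = "api-oidc-demo-2-api"  # audience shown in the Session panel

def ip_allowed(client_ip, allowed_cidrs):
    """Empty list disables enforcement; otherwise the IP must fall in one CIDR."""
    if not allowed_cidrs:
        return True
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable address: fail closed
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so dual-stack listeners match IPv4 CIDRs
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for cidr in allowed_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            continue  # a malformed entry never matches
        if addr.version == net.version and addr in net:
            return True
    return False

def authorize(claims, client_ip, required_scope, ip_policy):
    """Return (allowed, reason) for one request to a protected endpoint."""
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # "aud" may be a string or a list
    if API_AUDIENCE not in aud:
        return False, "wrong_audience"
    if required_scope not in claims.get("scope", "").split():
        return False, "missing_scope"
    if not ip_allowed(client_ip, ip_policy.get(claims.get("sub"), [])):
        return False, "ip_not_allowed"
    return True, "ok"

# Constructed sample data: a tier 1 (read-only) and a tier 2 (full-access) token payload
TIER1 = {"sub": "user-a", "aud": "api-oidc-demo-2-api",
         "scope": "openid profile demo2.projects.read demo2.reports.read demo2.users.read"}
TIER2 = dict(TIER1, scope=TIER1["scope"] + " demo2.users.write")
POLICY = {"user-a": ["203.0.113.0/24", "2001:db8::/32"]}  # documentation ranges

if __name__ == "__main__":
    print(authorize(TIER1, "203.0.113.7", "demo2.users.write", POLICY))
    print(authorize(TIER2, "198.51.100.9", "demo2.users.write", POLICY))
```

The result is only as trustworthy as the source of client_ip: behind a reverse proxy it has to come from the proxy's own connection data, not from a client-supplied X-Forwarded-For header.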

Access Token Claims

Choose a tier and log in.

Endpoint Actions

API Response

No API request sent yet.