<div dir="ltr">I got it . then maybe this is not something i want to do now. <div><br></div><div>The only reason i was thinking about using plans , is because i have multiple services and i dont want to setup policies for each one of them . </div><div>If i remember correctly, If i setup an application then the URL will change , which i dont need to. </div><div><br></div><div>I only want services to be secured with the same set of policies. any thoughts ? </div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 20, 2015 at 3:34 PM, Eric Wittmann <span dir="ltr"><<a href="mailto:eric.wittmann@redhat.com" target="_blank">eric.wittmann@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Also I should point out that you can only use plans if you also create at least one application (so that you can create a contract between the application and the service). Plans don't make sense without an application, because without an API Key we won't know which plan is in use for a particular request.<span class="HOEnZb"><font color="#888888"><br>
<br>
-Eric</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
On 8/20/2015 2:22 PM, Fadi Abdin wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I think i'm good now .. I was able to make a test service and passes<br>
<br>
but i think i found bug .. If i created a plan and set it up with same<br>
policies i setup directly into the service with cors and keycloak , the<br>
service that with the plan by passes keycloak and let me in even with<br>
the browser directly . but the service setup with policies directly<br>
inside it displays "OAuth2 'Authorization' header or 'access_token'<br>
query parameter must be provided." .. which is correct .<br>
</blockquote>
</div></div></blockquote></div><br></div>