[keycloak-user] REST API - Bearer Exception

Rodrigo Sasaki rodrigopsasaki at gmail.com
Tue Jun 10 17:05:07 EDT 2014


I always forget that part.

Do I always have to provide a user when I want to do this? Is it possible
for an OAuth Client to authenticate based on name and client secret to get
an access token?


On Tue, Jun 10, 2014 at 5:22 PM, Bill Burke <bburke at redhat.com> wrote:

> You need to add a scope to "myclient" that allows "myclient" to ask for
> admin privileges.
>
>
> On 6/10/2014 4:14 PM, Rodrigo Sasaki wrote:
>
>> Yes it had them, but it didn't work.
>>
>> When I tried generating the token with the client_id set to the
>> security-admin-console application it worked fine.
>>
>> Is that the correct way to do this?
>>
>>
>> On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke at redhat.com> wrote:
>>
>>     Does rodrigosasaki have realm admin privileges?  The role is under
>>     applications->myrealm-management->realm-admin
>>
>>     On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:
>>      > I'd like to manage users and roles, creating and updating them.
>>      >
>>      > I obtained a token like this:
>>      >
>>      > POST /realms/myrealm/tokens/grants/access
>>      >
>>      > username: rodrigosasaki
>>      > password: password
>>      > client_id: myclient
>>      > client_secret: generated_secret
>>      >
>>      > and I got a token back, but then I tried accessing the roles of the
>>      > realm on this URL
>>      >
>>      > /admin/realms/myrealm/roles
>>      >
>>      > And it says I'm not authorized to access this. I'd like to know what
>>      > roles or configuration I should create to be able to manipulate this
>>      > information, just as I do on the admin-console.
>>      >
>>      >
>>      > On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen <stian at redhat.com> wrote:
>>      >
>>      >     To access the REST API you need to pass the token in the HTTP
>>      >     headers. How to obtain the token in the first place depends on the
>>      >     type of the application you're trying to invoke the API from. Look
>>      >     at the docs/examples that correspond to the type of your app
>>      >     (JavaScript, command-line, jax-rs, etc). You also need to make sure
>>      >     the application/client has scope mappings on the required roles.
>>      >
>>      >     ----- Original Message -----
>>      >      > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
>>      >      > To: keycloak-user at lists.jboss.org
>>      >      > Sent: Monday, 9 June, 2014 12:59:41 PM
>>      >      > Subject: [keycloak-user] REST API - Bearer Exception
>>      >      >
>>      >      > Hi,
>>      >      >
>>      >      > I'm trying to work with the Keycloak REST API. I logged into the
>>      >      > administration console, and then tried accessing /auth/admin/realms and got
>>      >      > this exception:
>>      >      >
>>      >      > Failed executing GET /admin/realms:
>>      >      > org.jboss.resteasy.spi.UnauthorizedException: Bearer
>>      >      >
>>      >      > How should I build my request to be able to get a response? How should I
>>      >      > authenticate myself in this situation?
>>      >      >
>>      >      > --
>>      >      > Rodrigo Sasaki
>>      >      >
>>      >      > _______________________________________________
>>      >      > keycloak-user mailing list
>>      >      > keycloak-user at lists.jboss.org
>>      >      > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>      >
>>      >
>>      >
>>      >
>>      > --
>>      > Rodrigo Sasaki
>>      >
>>      >
>>      >
>>
>>     --
>>     Bill Burke
>>     JBoss, a division of Red Hat
>>     http://bill.burkecentral.com
>>
>>
>>
>>
>> --
>> Rodrigo Sasaki
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>



-- 
Rodrigo Sasaki
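
Added example, not part of the original thread and not Keycloak's own code: a diagnostic for the situation discussed above, where the user holds realm-admin under myrealm-management but the token issued to myclient is still rejected by /admin/realms/myrealm/roles. It assumes the access token is a three-part JWT whose payload lists roles under resource_access -> application -> roles, and it models scope mappings as a simple intersection; the sample tokens are constructed and unsigned.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Constructed token for this demo only; the signature part is a dummy."""
    header = _b64url(json.dumps({"alg": "RS256"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"

def token_claims(access_token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnosis only;
    the server makes the real decision on the verified token)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    # base64url in JWTs drops '=' padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def roles_in_token(claims: dict, application: str) -> set:
    # Assumed claim layout: resource_access -> application -> roles.
    return set(claims.get("resource_access", {}).get(application, {}).get("roles", []))

def issue_roles(user_roles: set, client_scope: set) -> set:
    # Simplified model of scope mappings: a client only receives those of the
    # user's roles that also appear in the client's scope.
    return user_roles & client_scope

def diagnose(access_token: str, application: str, role: str) -> str:
    if role in roles_in_token(token_claims(access_token), application):
        return "token carries the role"
    return "role missing from token: check user role mapping and client scope"

def bearer_headers(access_token: str) -> dict:
    # The REST API expects the token in the Authorization header.
    return {"Authorization": "Bearer " + access_token}

APP, ROLE = "myrealm-management", "realm-admin"
USER_ROLES = {ROLE}  # rodrigosasaki has realm-admin, as stated in the thread

def token_for(client_scope: set) -> str:
    roles = sorted(issue_roles(USER_ROLES, client_scope))
    return make_sample_token({"resource_access": {APP: {"roles": roles}}})

if __name__ == "__main__":
    for name, scope in (("myclient without scope", set()), ("myclient with scope", {ROLE})):
        print(name, "->", diagnose(token_for(scope), APP, ROLE))
```

Running the same check on a real token before calling the admin endpoint shows whether a rejection comes from the token's contents or from how the request is built.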