[keycloak-user] KeycloakInstalled adapter: Using public client token from keycloak installed adapter to access confidential client

Bruce Wings testoauth55 at gmail.com
Fri Dec 7 03:09:06 EST 2018


I have created a confidential client - "*server-app*" that secures my Jetty
app through the Keycloak Jetty adapter and a public client - "*web-app*" that
is provided to all clients of my server app. Both *web-app* and *server-app*
exist under the same realm.

In *web-app* client, I have created a *token mapper for 'aud' claim:*

*new java.util.ArrayList(["server-app","web-app"]);*

When I generate a token through the Keycloak JS adapter or through Postman for
the web-app client, *I am able* to use the same token to access my Jetty app
(that is secured with the confidential client).

But when launching the *KeycloakInstalled* adapter (*.loginDesktop() API*) with
the public client (JSON of the web-app client), after successful login, while
trying to access the same Jetty app (secured with the confidential client) I
get:

*type=CODE_TO_TOKEN_ERROR, realmId=myRealm, clientId=null, userId=null,
ipAddress=10.252.70.71, error=invalid_client_credentials,
grant_type=authorization_code*

Is the same kind of access not supported in the KeycloakInstalled adapter?

Also, if I launch the KeycloakInstalled adapter with the confidential client JSON,
everything works fine, i.e. I am allowed access to the Jetty app.
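
Added example, not part of the original post and not Keycloak code: a small diagnostic that decodes an access token's payload and reports whether the `aud` claim produced by the mapper above includes the resource server's client ID. The sample tokens are constructed and unsigned; the function names are hypothetical.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_audiences(jwt: str) -> list:
    """Return the 'aud' claim as a list (RFC 7519 allows a string or an array)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    claims = json.loads(b64url_decode(parts[1]))
    aud = claims.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)


def accepted_by(jwt: str, resource_client_id: str) -> bool:
    # Inspection only: the signature is NOT verified here, so use this to
    # debug mapper output, never to make an authorization decision.
    return resource_client_id in token_audiences(jwt)


def make_sample(claims: dict) -> str:
    # Constructed sample token with a placeholder signature segment.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])


# Constructed payloads: one as the post's 'aud' mapper would shape it,
# one with only the issuing client as audience.
WITH_MAPPER = make_sample({"azp": "web-app", "aud": ["server-app", "web-app"]})
WITHOUT_MAPPER = make_sample({"azp": "web-app", "aud": "web-app"})

if __name__ == "__main__":
    for name, tok in [("with mapper", WITH_MAPPER), ("without mapper", WITHOUT_MAPPER)]:
        print(name, token_audiences(tok), accepted_by(tok, "server-app"))
```

Running the same check on the token obtained through each login path shows whether both carry the mapped audiences.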

