[keycloak-user] Authenticating to a client with another client's service account

Paolo Tedesco Paolo.Tedesco at cern.ch
Fri Mar 23 06:11:02 EDT 2018


Hi all,

I have registered two clients in my Keycloak, one is an API (ID = client_api) and another is a confidential client (ID = confidential_client), which is a standalone application that should access the API with its own credentials.
I've set the access type of both API and application to "confidential".

From the application, I obtain a token with a POST to https://keycloak-server/auth/realms/master/protocol/openid-connect/token with these parameters:

client_id = confidential_client
client_secret = <confidential client secret>
grant_type = client_credentials

From this, I obtain a token that looks like this:
{
  "access_token": "eyJhbG...Z0qmQ"
  // other stuff
}

Then, I try to call my API with an authentication header with

Bearer = "eyJhbG...Z0qmQ" (the access_token from the previous step)

However, this does not seem to work, and the API acts like the user is not authenticated.
Any idea of what I'm doing wrong?

Thanks,
Paolo
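
Added example, not part of the original post: the two steps described in the message (the client_credentials token request and the bearer call), plus a helper that decodes the token's claims without verifying the signature, which shows what an API receiving the token has to evaluate. The function names, the sample token and its claim values are constructed for illustration; the URL and client IDs are the ones quoted in the message.

```python
import base64
import json
from urllib.parse import urlencode

# URL as quoted in the message; the client secret is supplied by the caller.
TOKEN_URL = "https://keycloak-server/auth/realms/master/protocol/openid-connect/token"


def build_token_request(client_id, client_secret):
    """Return (url, headers, body) for the client_credentials POST."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    })
    return TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body


def bearer_header(access_token):
    """RFC 6750 form: header name 'Authorization', value 'Bearer <token>'."""
    return {"Authorization": "Bearer " + access_token}


def decode_claims(access_token):
    """Decode the JWT payload WITHOUT verifying the signature (debugging only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _b64url(obj):
    """Helper used only to build the constructed sample token below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token with a fake signature; a real token's claims may differ.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": "https://keycloak-server/auth/realms/master",
             "azp": "confidential_client", "aud": "client_api", "exp": 1521800000}),
    "constructed-signature",
])

if __name__ == "__main__":
    print(bearer_header(SAMPLE_TOKEN))
    print(decode_claims(SAMPLE_TOKEN))
```

The decoded `iss`, `azp`, `aud` and `exp` values are the fields to compare against what the API's adapter is configured to accept; the API itself must still verify the signature before trusting any of them.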


