[keycloak-user] Requires uma_protection scope

Julien Deruere deruere.julien at gmail.com
Tue Nov 20 11:01:13 EST 2018


In this case I'm using the protection API:

curl -X POST \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d 'grant_type=client_credentials&client_id=${client_id}&client_secret=${client_secret}' \
    "http://localhost:8080/auth/realms/${realm_name}/protocol/openid-connect/token"


I'm asking for a token as a client, not as a user. And I checked, my client has
the uma_protection role in Service Account Roles.

I don't know where I'm wrong?

On Tue, Nov 20, 2018 at 10:54, Pedro Igor Silva <psilva at redhat.com> wrote:

> Hi,
>
> You need to grant the uma_protection client scope (it should be available as
> one of the roles associated with your resource server) to the user for which
> you are issuing tokens.
>
> On Tue, Nov 20, 2018 at 1:52 PM Julien Deruere <deruere.julien at gmail.com>
> wrote:
>
>> Any update on this?
>> I got the exact same message when using POSTMAN:
>>
>> I first do this (with grant_type=client_credentials):
>> http://localhost:8080/auth/realms/sg2b/protocol/openid-connect/token
>>
>> And then this with the token I received:
>> GET
>>
>> http://localhost:8080/auth/realms/sg2b/authz/protection/resource_set?type=zone
>> Which answers me this:
>> {
>>     "error": "invalid_scope",
>>     "error_description": "Requires uma_protection scope."
>> }
>>
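
Added example, not part of the original thread: a way to inspect the access token returned by the client_credentials request and see whether it carries uma_protection for the resource server client. It assumes Keycloak lists client roles under the resource_access.<client_id>.roles claim; the client ids "zone-api" and "other-client" and the sample tokens are constructed.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(payload))


def client_roles(claims, client_id):
    """Roles granted for one client, read from the resource_access claim (assumed layout)."""
    return set(claims.get("resource_access", {}).get(client_id, {}).get("roles", []))


def diagnose(token, resource_server):
    """Report whether the token carries uma_protection for the resource server client."""
    claims = jwt_claims(token)
    if "uma_protection" in client_roles(claims, resource_server):
        return "ok: uma_protection present for " + resource_server
    # The role may exist but be attached to a different client than the one queried.
    holders = sorted(c for c in claims.get("resource_access", {})
                     if "uma_protection" in client_roles(claims, c))
    if holders:
        return "mismatch: uma_protection granted on " + ", ".join(holders)
    return "missing: no uma_protection role in resource_access"


def make_token(claims):
    """Build an unsigned sample token (constructed test data, not Keycloak output)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed samples; "zone-api" and "other-client" are hypothetical client ids.
GOOD = make_token({"azp": "zone-api",
                   "resource_access": {"zone-api": {"roles": ["uma_protection"]}}})
WRONG_CLIENT = make_token({"azp": "zone-api",
                           "resource_access": {"other-client": {"roles": ["uma_protection"]}}})
NO_ROLE = make_token({"azp": "zone-api",
                      "resource_access": {"account": {"roles": ["view-profile"]}}})

if __name__ == "__main__":
    for sample in (GOOD, WRONG_CLIENT, NO_ROLE):
        print(diagnose(sample, "zone-api"))
```

Paste the access_token value from the token response in place of the samples and pass the client id of the resource server whose protection API is being called.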