[keycloak-user] Requires uma_protection scope

Pedro Igor Silva psilva at redhat.com
Tue Nov 20 11:53:18 EST 2018


This role should be a client role. For instance, if you are trying to
create resources for C1, the service account must be granted the client
role C1/uma-protection. See screenshot attached.

Regards.

On Tue, Nov 20, 2018 at 2:01 PM Julien Deruere <deruere.julien at gmail.com>
wrote:

> In this case I'm using protection API:
>
> curl -X POST \
>     -H "Content-Type: application/x-www-form-urlencoded" \
>     -d "grant_type=client_credentials&client_id=${client_id}&client_secret=${client_secret}" \
>     "http://localhost:8080/auth/realms/${realm_name}/protocol/openid-connect/token"
>
>
> I'm asking for a token as a client, not as a user. And I checked, my client
> has the uma_protection role in Service Account Role.
>
> I don't know where I'm wrong?
>
> On Tue, Nov 20, 2018 at 10:54, Pedro Igor Silva <psilva at redhat.com> wrote:
>
>> Hi,
>>
>> You need to grant uma_protection client scope (it should be available as
>> one of the roles associated with your resource server) to the user for
>> which you are issuing tokens.
>>
>> On Tue, Nov 20, 2018 at 1:52 PM Julien Deruere <deruere.julien at gmail.com>
>> wrote:
>>
>>> Any update on this?
>>> I got the exact same message when using POSTMAN :
>>>
>>> I first do this (with grant_type=client_credentials):
>>> http://localhost:8080/auth/realms/sg2b/protocol/openid-connect/token
>>>
>>> And then this with the token I received:
>>> GET
>>>
>>> http://localhost:8080/auth/realms/sg2b/authz/protection/resource_set?type=zone
>>> Which answers me with this:
>>> {
>>>     "error": "invalid_scope",
>>>     "error_description": "Requires uma_protection scope."
>>> }
>>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot from 2018-11-20 14-52-31.png
Type: image/png
Size: 103492 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20181120/679146ff/attachment-0001.png 
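
A way to check where the role sits in a token before calling the Protection API, as an added example that is not part of the original thread: it decodes the access token payload and reports whether uma_protection is a client role of the resource server, a realm role, or a role of a different client. It assumes Keycloak's usual `realm_access` / `resource_access` claim layout; the sample tokens are constructed, and the function names are hypothetical.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated parts")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def uma_protection_location(token, client_id, role="uma_protection"):
    """Return 'client', 'realm', 'other-client' or None for where the role appears."""
    claims = jwt_claims(token)
    resource_access = claims.get("resource_access", {})
    # The case the reply asks for: a client role of the resource server itself.
    if role in resource_access.get(client_id, {}).get("roles", []):
        return "client"
    # Role of the same name granted at realm level instead.
    if role in claims.get("realm_access", {}).get("roles", []):
        return "realm"
    # Role granted, but on some other client than the one being managed.
    for access in resource_access.values():
        if role in access.get("roles", []):
            return "other-client"
    return None


def _make_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed sample tokens (not from the thread); "C1" is the client named in the reply.
GOOD = _make_token({"azp": "C1", "resource_access": {"C1": {"roles": ["uma_protection"]}}})
REALM_ONLY = _make_token({"azp": "C1", "realm_access": {"roles": ["uma_protection"]}})
WRONG_CLIENT = _make_token({"azp": "C1", "resource_access": {"C2": {"roles": ["uma_protection"]}}})
NO_ROLE = _make_token({"azp": "C1", "resource_access": {"C1": {"roles": []}}})

if __name__ == "__main__":
    for name, tok in [("good", GOOD), ("realm-only", REALM_ONLY),
                      ("wrong-client", WRONG_CLIENT), ("no-role", NO_ROLE)]:
        print(name, "->", uma_protection_location(tok, "C1"))
```

Only the "client" result matches the setup described in the reply; the decoder skips signature verification, so it is for inspection and not for authorization decisions.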

