[keycloak-user] Requires uma_protection scope

Julien Deruere deruere.julien at gmail.com
Tue Nov 20 11:55:30 EST 2018


That's exactly what I did/checked. That's why I can't figure out why it's
not working :(

On Tue, Nov 20, 2018 at 11:53, Pedro Igor Silva <psilva at redhat.com> wrote:

> This role should be a client role. For instance, if you are trying to
> create resources for C1 the service account must be granted with client
> role C1/uma-protection. See screenshot attached.
>
> Regards.
>
> On Tue, Nov 20, 2018 at 2:01 PM Julien Deruere <deruere.julien at gmail.com>
> wrote:
>
>> In this case I'm using protection API:
>>
>> curl -X POST \
>>     -H "Content-Type: application/x-www-form-urlencoded" \
>>     -d 'grant_type=client_credentials&client_id=${client_id}&client_secret=${client_secret}' \
>>     "http://localhost:8080/auth/realms/${realm_name}/protocol/openid-connect/token"
>>
>>
>> I'm asking for a token as a client, not as a user. And I checked, my client
>> has the uma_protection role in Service Account Role.
>>
>> I don't know where I'm wrong?
>>
>> On Tue, Nov 20, 2018 at 10:54, Pedro Igor Silva <psilva at redhat.com> wrote:
>>
>>> Hi,
>>>
>>> You need to grant uma_protection client scope (it should be available as
>>> one of the roles associated with your resource server) to the user for
>>> which you are issuing tokens.
>>>
>>> On Tue, Nov 20, 2018 at 1:52 PM Julien Deruere <deruere.julien at gmail.com>
>>> wrote:
>>>
>>>> Any update on this?
>>>> I got the exact same message when using POSTMAN:
>>>>
>>>> I first do this (with grant_type=client_credentials):
>>>> http://localhost:8080/auth/realms/sg2b/protocol/openid-connect/token
>>>>
>>>> And then this with the token I received:
>>>> GET http://localhost:8080/auth/realms/sg2b/authz/protection/resource_set?type=zone
>>>> Which answers me this:
>>>> {
>>>>     "error": "invalid_scope",
>>>>     "error_description": "Requires uma_protection scope."
>>>> }
>>>>
>>>
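
A diagnostic for the situation discussed in this thread, added here as an example and not code from any poster or from Keycloak: it decodes the access token returned by the client_credentials request and reports whether uma_protection appears as a client role of the resource server (C1 in the reply above), only as a realm role, or under a different client. It assumes Keycloak's usual JWT access token with `realm_access` and `resource_access` claims; the function names and sample tokens are constructed for illustration, and the signature is not verified.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def locate_role(claims, client_id, role="uma_protection"):
    """Say where `role` sits in the token relative to the resource server client."""
    access = claims.get("resource_access", {})
    if role in access.get(client_id, {}).get("roles", []):
        return "client-role"  # granted as <client_id>/<role>
    if role in claims.get("realm_access", {}).get("roles", []):
        return "realm-role-only"  # a realm role with the same name
    others = sorted(c for c, v in access.items() if role in v.get("roles", []))
    return "other-client:" + ",".join(others) if others else "missing"

def sample_token(claims):
    """Build a constructed, unsigned token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed"])

# Constructed samples; "C1" is the resource server client named in the thread.
SAMPLES = {
    "client role on C1": {"azp": "C1", "resource_access": {"C1": {"roles": ["uma_protection"]}}},
    "realm role only": {"azp": "C1", "realm_access": {"roles": ["uma_protection"]}},
    "role on another client": {"azp": "C1", "resource_access": {"C2": {"roles": ["uma_protection"]}}},
    "no role at all": {"azp": "C1", "realm_access": {"roles": ["offline_access"]}},
}

if __name__ == "__main__":
    for label, claims in SAMPLES.items():
        print(f"{label:24} -> {locate_role(jwt_claims(sample_token(claims)), 'C1')}")
```

To check a real token, pass the `access_token` value from the token endpoint response to `jwt_claims` and the resource server's client ID to `locate_role`.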

