<div dir="ltr">I always forget that part.<div><br></div><div>Do I always have to provide a user when I want to do this? Is it possible for an OAuth Client to authenticate based on name and client secret to get an access token?</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jun 10, 2014 at 5:22 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You need to add a scope to "myclient" that allows "myclient" to ask for admin privileges.<div class="">
<br>
<br>
On 6/10/2014 4:14 PM, Rodrigo Sasaki wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">
Yes it had them, but it didn't work.<br>
<br>
When I tried generating the token with the client_id set to the<br>
security-admin-console application it worked fine.<br>
<br>
Is that the correct way to do this?<br>
<br>
<br>
On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br></div><div class="">
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>> wrote:<br>
<br>
Does rodrigosasaki have realm admin privileges? The role is under<br>
applications->myrealm-<u></u>management->realm-admin<br>
<br>
On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:<br>
> I'd like to manage users and roles, creating and updating them.<br>
><br>
> I obtained a token like this:<br>
><br>
> *POST /realms/myrealm/tokens/grants/<u></u>access*<br>
> *<br>
> *<br>
> *username: rodrigosasaki*<br>
> *password: password*<br>
> *client_id: myclient*<br>
> *client_secret: generated_secret*<br>
><br>
> and I got a token back, but then I tried accessing the roles of the<br>
> realm on this URL<br>
><br>
> /admin/realms/myrealm/roles<br>
><br>
> And it says I'm not authorized to access this, I'd like to know what<br>
> roles or configuration I should create to be able to manipulate this<br>
> information, just as I do on the admin-console<br>
><br>
><br>
> On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen<br>
<<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a> <mailto:<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>><br></div><div class="">
> <mailto:<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a> <mailto:<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>>>> wrote:<br>
><br>
> To access the REST API you need to pass the token in the http<br>
> headers. How to obtain the token in the first place depends<br>
on the<br>
> type of the application you're trying to invoke the API from.<br>
Look<br>
> at the docs/examples that corresponds to the type of your app<br>
> (JavaScript, command-line, jax-rs, etc). You also need to<br>
make sure<br>
> the application/client has scope mappings on the required roles.<br>
><br>
> ----- Original Message -----<br>
> > From: "Rodrigo Sasaki" <<a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.com</a><br>
<mailto:<a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.<u></u>com</a>><br></div><div class="">
> <mailto:<a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.<u></u>com</a><br>
<mailto:<a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.<u></u>com</a>>>><br>
> > To: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><br></div><div><div class="h5">
> <mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>><br>
> > Sent: Monday, 9 June, 2014 12:59:41 PM<br>
> > Subject: [keycloak-user] REST API - Bearer Exception<br>
> ><br>
> > Hi,<br>
> ><br>
> > I'm trying to work with the Keycloak REST API, I logged<br>
into the<br>
> > administration console, and then tried accessing<br>
> /auth/admin/realms and got<br>
> > this exception:<br>
> ><br>
> > Failed executing GET /admin/realms:<br>
> > org.jboss.resteasy.spi.<u></u>UnauthorizedException: Bearer<br>
> ><br>
> > How should I build my request to be able to get a<br>
response? How<br>
> should I<br>
> > authenticate myself in this situation?<br>
> ><br>
> > --<br>
> > Rodrigo Sasaki<br>
> ><br>
> > ______________________________<u></u>_________________<br>
> > keycloak-user mailing list<br>
> > <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><br></div></div>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a><div class=""><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Rodrigo Sasaki<br>
><br>
><br>
> ______________________________<u></u>_________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a> <mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><br>
><br>
<br>
--<br></div><div class="">
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
______________________________<u></u>_________________<br>
keycloak-user mailing list<br></div><div class="">
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a> <mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><br>
<br>
<br>
<br>
<br>
--<br>
Rodrigo Sasaki<br>
</div></blockquote>
<br><div class="HOEnZb"><div class="h5">
-- <br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font><div></div></div>
</div>