
<div dir="ltr">Yes it had them, but it didn&#39;t work.<div><br></div><div>When I tried generating the token with the client_id set to the security-admin-console application it worked fine.</div><div><br></div><div>Is that the correct way to do this?</div>

</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <span dir="ltr">&lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Does rodrigosasaki have realm admin privileges?  The role is under<br>

applications-&gt;myrealm-management-&gt;realm-admin<br>

<div class=""><br>

On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:<br>

&gt; I&#39;d like to manage users and roles, creating and updating them.<br>

&gt;<br>

&gt; I obtained a token like this:<br>

&gt;<br>

</div>&gt; *POST /realms/myrealm/tokens/grants/access*<br>

&gt; *<br>

&gt; *<br>

&gt; *username: rodrigosasaki*<br>

&gt; *password: password*<br>

&gt; *client_id: myclient*<br>

&gt; *client_secret: generated_secret*<br>

<div class="">&gt;<br>

&gt; and I got a token back, but then I tried accessing the roles of the<br>

&gt; realm on this URL<br>

&gt;<br>

&gt; /admin/realms/myrealm/roles<br>

&gt;<br>

&gt; And it says I&#39;m not authorized to access this, I&#39;d like to know what<br>

&gt; roles or configuration I should create to be able to manipulate this<br>

&gt; information, just as I do on the admin-console<br>

&gt;<br>

&gt;<br>

&gt; On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen &lt;<a href="mailto:stian@redhat.com">stian@redhat.com</a><br>

</div><div class="">&gt; &lt;mailto:<a href="mailto:stian@redhat.com">stian@redhat.com</a>&gt;&gt; wrote:<br>

&gt;<br>

&gt;     To access the REST API you need to pass the token in the http<br>

&gt;     headers. How to obtain the token in the first place depends on the<br>

&gt;     type of the application you&#39;re trying to invoke the API from. Look<br>

&gt;     at the docs/examples that corresponds to the type of your app<br>

&gt;     (JavaScript, command-line, jax-rs, etc). You also need to make sure<br>

&gt;     the application/client has scope mappings on the required roles.<br>

&gt;<br>

&gt;     ----- Original Message -----<br>

&gt;      &gt; From: &quot;Rodrigo Sasaki&quot; &lt;<a href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a><br>

</div><div class="">&gt;     &lt;mailto:<a href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a>&gt;&gt;<br>

&gt;      &gt; To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

&gt;     &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>&gt;<br>

&gt;      &gt; Sent: Monday, 9 June, 2014 12:59:41 PM<br>

&gt;      &gt; Subject: [keycloak-user] REST API - Bearer Exception<br>

&gt;      &gt;<br>

&gt;      &gt; Hi,<br>

&gt;      &gt;<br>

&gt;      &gt; I&#39;m trying to work with the Keycloak REST API, I logged into the<br>

&gt;      &gt; administration console, and then tried accessing<br>

&gt;     /auth/admin/realms and got<br>

&gt;      &gt; this exception:<br>

&gt;      &gt;<br>

&gt;      &gt; Failed executing GET /admin/realms:<br>

&gt;      &gt; org.jboss.resteasy.spi.UnauthorizedException: Bearer<br>

&gt;      &gt;<br>

&gt;      &gt; How should I build my request to be able to get a response? How<br>

&gt;     should I<br>

&gt;      &gt; authenticate myself in this situation?<br>

&gt;      &gt;<br>

&gt;      &gt; --<br>

&gt;      &gt; Rodrigo Sasaki<br>

&gt;      &gt;<br>

&gt;      &gt; _______________________________________________<br>

&gt;      &gt; keycloak-user mailing list<br>

</div>&gt;      &gt; <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a> &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>&gt;<br>

<div class="im HOEnZb">&gt;      &gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>

&gt;<br>

&gt;<br>

&gt;<br>

&gt;<br>

&gt; --<br>

&gt; Rodrigo Sasaki<br>

&gt;<br>

&gt;<br>

&gt; _______________________________________________<br>

&gt; keycloak-user mailing list<br>

&gt; <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>

&gt;<br>

<br>

--<br>

</div><span class="HOEnZb"><font color="#888888">Bill Burke<br>

JBoss, a division of Red Hat<br>

<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>

</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>

keycloak-user mailing list<br>

<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>

</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font><div></div></div>

</div>