<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"><style type="text/css">body { background: rgba(255, 255, 255, 255); }</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi all,<div class=""><br class=""></div><div class="">I have just upgrade from 1.0-beta 3 to 1.0.1 final and am running into some serious issues.</div><div class=""><br class=""></div><div class="">First a question: when will keycloak-core 1.0.1 be available from maven central? I am having to use 1.0-final in my war - is that compatible with 1.0.1 keycloak war - which is running on my server.</div><div class=""><br class=""></div><div class=""><div class="">I upgraded by doing a complete wipe of the keycloak database, and reinstalling 1.0.1 over my wildly configuration. I am able to use the keycloak admin screens flawlessly. </div></div><div class=""><br class=""></div><div class="">Now onto my problem.</div><div class=""><br class=""></div><div class=""><div class="">In 1.0.3-beta I used to have a access type bearer-only application which used the rest api to register and login users to keycloak.</div></div><div class=""><br class=""></div><div class="">After upgrading I have found that even if I set the application to be bearer-only, keycloak still throws an invalid redirect uri error whenever I try to use the rest end points (surely this should not happen with a bearer-only application). In order to fix this I have moved the application over to access type confidential (it is sitting on the same server as keycloak) - are there any pointers to the correct config for this in 1.0.1? Basically my application is the backend to a mobile app that is using keycloak for access control - at the moment I am not allowed to use the keycloak login/register screens so must proxy it through the server. I am now able to register users using this configuration, but would prefer to go back to bearer-only</div><div class=""><br class=""></div><div class="">I also have a Direct Grant Only client which I use for the mobile application itself. I am able to get an access token by using the TOKEN_SERVICE_DIRECT_GRANT_PATH via the proxy server but when I try to access a resource with that bearer token set in the header I am still getting an unauthorised response.</div><div class=""><br class=""></div><div class="">My applications keycloak.json looks like this</div><div class=""><br class=""></div><div class=""><pre style="background-color: rgb(43, 43, 43);" class=""><font face="Menlo" size="4" color="#a9b7c6" class="">{<br class=""> </font><span style="font-family: Menlo; font-size: 12pt; color: rgb(152, 118, 170);" class="">"realm"</span><font face="Menlo" size="4" color="#a9b7c6" class="">: </font><span style="font-family: Menlo; font-size: 12pt; color: rgb(106, 135, 89);" class="">"shift"</span><span style="font-family: Menlo; font-size: 12pt; color: rgb(204, 120, 50);" class="">,<br class=""></span><span style="font-family: Menlo; font-size: 12pt; color: rgb(204, 120, 50);" class=""> </span><span style="font-family: Menlo; font-size: 12pt; color: rgb(152, 118, 170);" class="">"realm-public-key"</span><font face="Menlo" size="4" color="#a9b7c6" class="">: </font><font face="Menlo" size="4" color="#6a8759" class="">“</font><span style="font-family: Menlo; font-size: 12pt; color: rgb(106, 135, 89);" class="">**"</span><span style="font-family: Menlo; font-size: 12pt; color: rgb(204, 120, 50);" class="">,<br class=""></span><span style="font-family: Menlo; font-size: 12pt; color: rgb(204, 120, 50);" class=""> </span><span style="font-family: Menlo; font-size: 12pt; color: rgb(152, 118, 170);" class="">"auth-server-url"</span><font face="Menlo" size="4" color="#a9b7c6" class="">: </font><span style="font-family: Menlo; font-size: 12pt; color: rgb(106, 135, 89);" class="">"<a href="http://.../auth" class="">http://.../auth</a>"</span><span style="font-family: Menlo; font-size: 12pt; color: rgb(204, 120, 50);" class="">,<br class=""></span><span style="font-family: Menlo; font-size: 12pt; color: rgb(204, 120, 50);" class=""> </span><span style="font-family: Menlo; font-size: 12pt; color: rgb(152, 118, 170);" class="">"ssl-required"</span><font face="Menlo" size="4" color="#a9b7c6" class="">: </font><span style="font-family: Menlo; font-size: 12pt; color: rgb(106, 135, 89);" class="">"none"</span><span style="font-family: Menlo; font-size: 12pt; color: rgb(204, 120, 50);" class="">,<br class=""></span><span style="font-family: Menlo; font-size: 12pt; color: rgb(204, 120, 50);" class=""> </span><span style="font-family: Menlo; font-size: 12pt; color: rgb(152, 118, 170);" class="">"resource"</span><font face="Menlo" size="4" color="#a9b7c6" class="">: </font><span style="font-family: Menlo; font-size: 12pt; color: rgb(106, 135, 89);" class="">"shift-server"</span><span style="font-family: Menlo; font-size: 12pt; color: rgb(204, 120, 50);" class="">,<br class=""></span><span style="font-family: Menlo; font-size: 12pt; color: rgb(204, 120, 50);" class=""> </span><span style="font-family: Menlo; font-size: 12pt; color: rgb(152, 118, 170);" class="">"credentials"</span><font face="Menlo" size="4" color="#a9b7c6" class="">: {<br class=""> </font><span style="font-family: Menlo; font-size: 12pt; color: rgb(152, 118, 170);" class="">"secret"</span><font face="Menlo" size="4" color="#a9b7c6" class="">: </font><font face="Menlo" size="4" color="#6a8759" class="">“</font><span style="font-family: Menlo; font-size: 12pt; color: rgb(106, 135, 89);" class="">**"<br class=""></span><span style="font-family: Menlo; font-size: 12pt; color: rgb(106, 135, 89);" class=""> </span><font face="Menlo" size="4" color="#a9b7c6" class="">}<br class="">}</font></pre><div class=""><br class=""></div></div><div class="">and my client JSON looks like this (although this is not put anywhere in my application war)</div><div class=""><br class=""></div><div class=""><div class="">{</div><div class=""> "realm": "shift",</div><div class=""> "realm-public-key": “***",</div><div class=""> "auth-server-url": "<a href="http://.../auth" class="">http://.../auth</a>",</div><div class=""> "ssl-required": "none",</div><div class=""> "resource": "shift-ios",</div><div class=""> "public-client": true</div><div class="">}</div></div><div class=""><br class=""></div><div class="">I can login in with a correct username and password setting the client id to ‘shift-ios’. However when I try to access a protected resource like this</div><div class=""><br class=""></div><div class=""><div class="">GET /shift/feed HTTP/1.1</div><div class="">Host: www…..com</div><div class="">Connection: keep-alive</div><div class="">Accept: */*</div><div class="">User-Agent: shift-ios-client/1.0 CFNetwork/711.0.6 Darwin/14.0.0</div><div class="">Accept-Language: en-us</div><div class="">Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJuYW………...5lXDBvPGu3bI7msV6Xh34g2PG1E2-d0GchWLFb4kGWofDbexDgIJoP1eeSHnKmahAHHbcl_LZkI3ayKYCgF-o3vfk0yh4T-zptEdK1EHFDndz4SkJlrPsyawueekf1mJD-drilFlL55nLIfFqjpaNdQDr5R3lAjUb0</div><div class="">Accept-Encoding: gzip, deflate</div><div class=""><br class=""></div></div><div class="">where the Bearer header is the access token I get from logging in, then I get a 403 unauthorised response.</div><div class=""><br class=""></div><div class="">This used to work perfectly in beta 3, but I seem unable to make this work in 1.0(.1) final.</div><div class=""><br class=""></div><div class="">Could this be because I am using 1.0-core instead of 1.0.1-core</div><div class=""><br class=""></div><div class="">Please help, as this has stopped all work on the product, and I am completely stuck. Whats the best way to go about debugging this?</div><div class=""><br class=""></div><div class="">Conrad</div><div class=""><br class=""></div></body></html>