I got it . then maybe this is not something i want to do now.

The only reason i was thinking about using plans , is because i have multiple services and i dont want to setup policies for each one of them .

If i remember correctly, If i setup an application then the URL will change , which i dont need to.

I only want services to be secured with the same set of policies. any thoughts ?

On Thu, Aug 20, 2015 at 3:34 PM, Eric Wittmann <eric.wittmann@redhat.com> wrote:

Also I should point out that you can only use plans if you also create at least one application (so that you can create a contract between the application and the service). Plans don't make sense without an application, because without an API Key we won't know which plan is in use for a particular request.

-Eric

On 8/20/2015 2:22 PM, Fadi Abdin wrote:

I think i'm good now .. I was able to make a test service and passes

but i think i found bug .. If i created a plan and set it up with same
policies i setup directly into the service with cors and keycloak , the
service that with the plan by passes keycloak and let me in even with
the browser directly . but the service setup with policies directly
inside it displays "OAuth2 'Authorization' header or 'access_token'
query parameter must be provided." .. which is correct .