Hi,
Are you sending the access token or ID token as a bearer ? Could you give
more details on how you are obtaining the token ?
On Wed, Jun 20, 2018 at 5:52 AM, Mark McGuigan <
Mark.McGuigan(a)360globalnet.com> wrote:
Hi,
Apologies if this email is incorrectly posted.
I'm using the newly released Keycloak 4 and I've been able to successfully
get an access token for a user from an access code posted back to my
application. This doesn't contain any permissions on the token (Rightly so,
only roles)
I'm now trying to get an RPT with permissions from the of client
application that reflect what the User is allowed to do.
My request looks something like:
POST /auth/realms/MyRealm/protocol/openid-connect/token HTTP/1.1
Host: localhost:8080
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5c ...
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Postman-Token: 4054feaf-a9d7-48e2-99b6-eabc86bf8da5
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Auma-ticket&audience=
MyClient&permission=Default+Resource
Where the Bearer is the generated access_token. However I'me getting a
response of :
500 Internal Server Error
{
"error": "server_error",
"error_description": "Unexpected error while evaluating
permissions"
}
And a stack trace of:
Unexpected error while evaluating permissions: java.lang.RuntimeException:
Error while reading attributes from security token.
at org.keycloak.authorization.common.KeycloakIdentity.<init>
(KeycloakIdentity.java:139)
at org.keycloak.authorization.common.KeycloakIdentity.<init>
(KeycloakIdentity.java:68)
at org.keycloak.authorization.authorization.
AuthorizationTokenService.lambda$static$1(AuthorizationTokenService.
java:124)
at org.keycloak.authorization.authorization.
AuthorizationTokenService.createEvaluationContext(
AuthorizationTokenService.java:311)
at org.keycloak.authorization.authorization.
AuthorizationTokenService.authorize(AuthorizationTokenService.java:161)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.
permissionGrant(TokenEndpoint.java:1124)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.
processGrantRequest(TokenEndpoint.java:190)
.....
Caused by: java.lang.NullPointerException
at org.keycloak.services.util.DefaultClientSessionContext.
fromClientSessionScopeParameter(DefaultClientSessionContext.java:64)
at org.keycloak.authorization.common.KeycloakIdentity.<init>
(KeycloakIdentity.java:123)
Any Ideas what I may be doing wrong? Any help appreciated.
Regards,
Mark
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev