Hi Team,
I am trying to set up a standalone Keycloak server and am able to do it.
With the help of Keycloak I am trying to secure REST endpoints which I am
exposing in my Spring Boot application.
I have all required steps to configure Keycloak with Spring Boot
application link -
- creating new realm.
- Creating new client in that realm.
- new admin and user roles
- creating users with admin and user roles.
I am able to get an access token with the help of the admin user like below -
curl -d "grant_type=password&client_id=product-app&username=admin&password=admin" \
  http://localhost:8181/auth/realms/springboot/protocol/openid-connect/token
And with the help of the retrieved token I have been able to hit GET endpoints of
my application.
But when I do POST, PUT, DELETE requests with the token I get --
{
  "timestamp": "2018-09-03T11:27:16.266+0000",
  "status": 403,
  "error": "Forbidden",
  "message": "Forbidden",
  "path": "/ds/api/v1/template/create"
}
It might be a scope issue on the user I am creating, but I am not getting
any pointer to give the correct scope to the user.
Kindly suggest; any pointer or help will be very much appreciated. Thanks!
--
Regards
Mahendra Anand
Mobile - +91 9711429614
Skype - mahendra.anand
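
To test the "scope issue" guess in the post above, the access token's payload can be decoded and its roles and scopes listed. This is an added example, not part of the original post: the sample token and the required role names are constructed, and the claim names read (realm_access, resource_access, scope) are the ones Keycloak places in its access tokens.

```python
import base64
import json

def decode_claims(access_token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def granted(claims, client_id):
    """Collect what the token actually grants: realm roles, client roles, scopes."""
    return {
        "realm_roles": sorted(claims.get("realm_access", {}).get("roles", [])),
        "client_roles": sorted(
            claims.get("resource_access", {}).get(client_id, {}).get("roles", [])),
        "scopes": claims.get("scope", "").split(),
    }

def missing_roles(claims, client_id, required):
    """Roles the endpoint requires that appear in neither role list."""
    g = granted(claims, client_id)
    return sorted(set(required) - set(g["realm_roles"]) - set(g["client_roles"]))

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token (not from the post); the signature is a dummy string.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({
        "azp": "product-app",
        "preferred_username": "admin",
        "realm_access": {"roles": ["admin", "offline_access"]},
        "resource_access": {"account": {"roles": ["view-profile"]}},
        "scope": "profile email",
    }),
    "constructed-signature",
])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print(granted(claims, "product-app"))
    print("missing:", missing_roles(claims, "product-app", ["admin"]))
```

The decoder skips signature verification, so it is only for inspecting a token you obtained yourself, never for making an authorization decision.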