[keycloak-user] Authorization Client - 403

Hello guys! I would like to as about behaviour of Authorization Client. I’m trying to get user entitlements using authorization client and see the following: If permissions allow access to the resource and scope requested, then everything is ok — I get back token with requested permissions added to it; If permissions do not allow access to the resource, then I would expect returned token without any additional permissions added, but, instead, I get http error 403 (not authorised) from Keycloak. Is it expected behaviour? Having 403 when communicating to Keycloak makes me think, that my client is not authorised to make this call, while it seems, that this is signal about the fact that access to resource is not allowed. Alexey