What kind of role is it? Is the new role defined under the
"database-service" application? If not, then you must add this role to
the "database-service"'s scope in the admin console.
On 7/29/2014 10:51 AM, Rodrigo Sasaki wrote:
Hi,
I'm trying to secure a bearer-only application with keycloak, to access
it with access tokens, but I think I'm missing something.
I tried it with the database-service of the unconfigured demo.
1. I created the user role in the application.
2. I assigned that role to my user
3. I copied the contents of the installation json to
*webapp/META-INF/keycloak.json*
{
"realm": "demo",
"realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwRayjzh7W+EfPaeSdyXWLyXof7c3fwD7vb0AEtG+ogLHtMkYiTdX9y/JXOmXwWDzGhx7NM3Q6vkCG0F3lZqOVsSlYH56c5+Ev4QmSGK/+6e+WcZMcgmscoz1OoXKom4+pzqMey42hqdwwMhkvCq/jxJSmUGnZJQuqEKVH00NZ1wIDAQAB",
"bearer-only": true,
"ssl-not-required": true,
"resource": "database-service",
"use-resource-role-mappings": true
}
4. Set the auth-method to *KEYCLOAK* on web.xml
5. Started the server deploying the *database-service*
6. Generated a token using *security-admin-console* client_id and my user
7. Submitted a GET request to /localhost:8080/database/customers/
After these steps I get a 403 error, saying that I'm not authorized to
access the resource, wasn't this supposed to work?
--
Rodrigo Sasaki
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
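As an added illustration of the check Bill is describing (example code, not from the thread or from Keycloak itself): a short Python script that reads the claims of an access token and looks the role up the way the adapter does when `use-resource-role-mappings` is true, versus the realm-role lookup used when it is false. The sample tokens and their claims are constructed for the example, and the signature segment is a placeholder that is not verified here.

```python
import base64
import json

def _b64url(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_claims(token: str) -> dict:
    """Payload claims of a compact JWS (header.payload.signature).
    Parsing only: the adapter verifies the signature with "realm-public-key"
    before it trusts any claim, and so should any debugging tool."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url(parts[1]))

def roles_for(claims: dict, resource: str, use_resource_role_mappings: bool) -> set:
    """Roles the adapter consults, mirroring the use-resource-role-mappings switch:
    True  -> resource_access.<resource>.roles (roles defined under that application)
    False -> realm_access.roles (realm-level roles)."""
    if use_resource_role_mappings:
        return set(claims.get("resource_access", {}).get(resource, {}).get("roles", []))
    return set(claims.get("realm_access", {}).get("roles", []))

def check_access(token: str, resource: str, required: str,
                 use_resource_role_mappings: bool = True) -> str:
    roles = roles_for(token_claims(token), resource, use_resource_role_mappings)
    if required in roles:
        return "allowed"
    return f"403: role '{required}' not in {sorted(roles)} for resource '{resource}'"

def _sample(payload: dict) -> str:
    # Constructed sample token: header and signature are placeholders, not real.
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(payload) + ".placeholder-signature"

# Like the token from step 6: "user" exists only as a realm role, so there is
# no resource_access entry for database-service and the lookup comes up empty.
TOKEN_NO_CLIENT_ROLE = _sample({
    "azp": "security-admin-console",
    "realm_access": {"roles": ["user"]},
    "resource_access": {},
})
# After "user" is defined under database-service and granted to the user.
TOKEN_WITH_CLIENT_ROLE = _sample({
    "azp": "security-admin-console",
    "realm_access": {"roles": ["user"]},
    "resource_access": {"database-service": {"roles": ["user"]}},
})

if __name__ == "__main__":
    print(check_access(TOKEN_NO_CLIENT_ROLE, "database-service", "user"))
    print(check_access(TOKEN_WITH_CLIENT_ROLE, "database-service", "user"))
```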