Re: [keycloak-user] Requires uma_protection scope
At the moment I try to create the resource with a client token (not a user
token):
CLIENTTOKEN=`curl -X POST -H "Content-Type:
application/x-www-form-urlencoded" -d
'grant_type=client_credentials&client_id=api-server&client_secret=4e9dcb80-efcd-484c-b3d7-1e95a0096ac0'
"http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token" |
jq .access_token -r`
curl -X POST "
http://localhost:8080/auth/realms/waziup/authz/protection/resource_set" -H
"Authorization: Bearer $CLIENTTOKEN" -H "Content-Type:
application/json" -d
'{"name":"Sensortest3",
"scopes":["sensors:create","sensors:view","sensors:update","sensors:delete"],"owner":"cdupont",
"ownerManagedAccess": true}'
Is this correct?
Thanks
On Tue, Sep 11, 2018 at 11:28 PM, Pedro Igor Silva <psilva(a)redhat.com>
wrote:
Hi,
Your users must be granted with this client role in order to access the
protection api. This allows user to consent whether or not access should be
granted to resource servers to act on his behalf when managing user
resources.
On Tue, Sep 11, 2018 at 1:19 PM, Corentin Dupont <
corentin.dupont(a)gmail.com> wrote:
> Hi,
> I updated my keycloak to 4.4.0.
> When I get my resources:
> GET on: http://localhost:8080/auth/realms/waziup/authz/
> protection/resource_set
>
> I now get error 403: invalid_scope, Requires uma_protection scope
>
> What did I miss?
> I activated User-Managed Access at realm level.
> Thanks
> Corentin
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>