I have a suite of Spring applications that are using Keycloak for authentication. I'm
using the Keycloak Spring Security adapter and have successfully secured the endpoints
that I want to. I have situations where I need Application A to make a call to a secured
endpoint on Application B. I am able to do this client to client communication by using
the KeycloakRestTemplate but only when a user calls Application A with a valid token.
Application A also has a process that will call Application B without user interaction.
When this is done I get an error "java.lang.IllegalStateException: Cannot set
authorization header because there is no authenticated principal". This makes sense
since I don't have a valid user token.
Application A and Application B use the same client in Keycloak and it is set to be a
confidential client. I have tried it with and without having service accounts enabled.
Some questions I have are:
1. How do I have applications (not users) call a secured REST endpoint?
2. Do the provided Keycloak adapters (like the Spring Security adapter) provide this
functionality?
3. Do I need an additional client account to do this?
4. Are there any libraries that handle refreshing these tokens or automatically obtaining
one if it doesn't exist?
I see lots of examples on how a user can access a secured service, but not much on an
application accessing a secured service.
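
An added example, not part of the original post and not code from the Keycloak adapters: an application can authenticate as itself with the OAuth 2.0 client credentials grant, which Keycloak offers to a confidential client that has service accounts enabled. The class name, the 30-second refresh margin and the regex-based JSON parsing (standing in for a JSON library) are assumptions; the token endpoint URL is passed in by the caller.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: caches a service-account token and re-fetches it shortly before expiry. */
public class ServiceAccountTokenProvider {
    // Simplification: a real application would parse the response with a JSON library.
    private static final Pattern TOKEN = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");
    private static final Pattern EXPIRES = Pattern.compile("\"expires_in\"\\s*:\\s*(\\d+)");

    private final HttpClient http = HttpClient.newHttpClient();
    private final URI tokenEndpoint;
    private final String form;
    private String token;
    private Instant refreshAt = Instant.MIN;

    /** tokenEndpoint is the realm's OpenID Connect token URL, e.g. .../realms/<realm>/protocol/openid-connect/token */
    public ServiceAccountTokenProvider(String tokenEndpoint, String clientId, String clientSecret) {
        this.tokenEndpoint = URI.create(tokenEndpoint);
        this.form = "grant_type=client_credentials"
                + "&client_id=" + URLEncoder.encode(clientId, StandardCharsets.UTF_8)
                + "&client_secret=" + URLEncoder.encode(clientSecret, StandardCharsets.UTF_8);
    }

    /** Returns a cached access token, requesting a new one when it is missing or near expiry. */
    public synchronized String getAccessToken() throws Exception {
        if (token == null || Instant.now().isAfter(refreshAt)) {
            HttpRequest request = HttpRequest.newBuilder(tokenEndpoint)
                    .header("Content-Type", "application/x-www-form-urlencoded")
                    .POST(HttpRequest.BodyPublishers.ofString(form))
                    .build();
            HttpResponse<String> response = http.send(request, HttpResponse.BodyHandlers.ofString());
            Matcher t = TOKEN.matcher(response.body());
            Matcher e = EXPIRES.matcher(response.body());
            if (response.statusCode() != 200 || !t.find() || !e.find()) {
                throw new IllegalStateException("Token request failed, HTTP " + response.statusCode());
            }
            token = t.group(1);
            // Refresh 30 seconds early so the token does not expire while a call is in flight.
            refreshAt = Instant.now().plusSeconds(Math.max(0, Long.parseLong(e.group(1)) - 30));
        }
        return token;
    }
}
```

The caller sends the returned value to Application B in an `Authorization: Bearer <token>` header. Load the client secret from protected configuration rather than source code, and keep it out of logs.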