Yes, I see that this error happens when the resource does not exists.
However, with my user "guest", it happens all the time, even when the
resource does exist...
On Tue, Jul 3, 2018 at 2:15 PM, Pedro Igor Silva <psilva(a)redhat.com> wrote:
OK. Found the issue. Will fix it. Problem is that Sensortest does
not
exist and program enters in a state that a resource-less permission causes
that error.
On Mon, Jul 2, 2018 at 10:05 AM, Corentin Dupont <
corentin.dupont(a)gmail.com> wrote:
> Hi guys,
> I got this error when requesting authorization on a resource:
>
> $ curl -X POST
>
http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token -H
> "Authorization: Bearer $USERTOKEN" -d
> "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audi
> ence=api-server&permission=Sensortest#sensors:view"
>
>
{"error":"server_error","error_description":"Unexpected
error while
> evaluating permissions"}
>
> On the server side I get:
>
> 12:42:11,821 ERROR
> [org.keycloak.authorization.authorization.AuthorizationTokenService]
> (default task-16) Unexpected error while evaluating permissions:
> java.lang.NullPointerException
> at
> org.keycloak.authorization.util.Permissions.permits(Permissions.java:194)
> at
> org.keycloak.authorization.authorization.AuthorizationTokenS
> ervice.authorize(AuthorizationTokenService.java:173)
> at
> org.keycloak.protocol.oidc.endpoints.TokenEndpoint.permissio
> nGrant(TokenEndpoint.java:1124)
> at
> org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGr
> antRequest(TokenEndpoint.java:190)
> at sun.reflect.GeneratedMethodAccessor449.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
> thodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
>
>
> I got my token this way:
> USERTOKEN=`curl -X POST -H "Content-Type:
> application/x-www-form-urlencoded" -d
> 'username=guest&password=guest&grant_type=password&client_
> id=api-server&client_secret=xxx'
> "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token"
> |
> jq .access_token -r`
>
> This seems to happen for scope-based policies.
>
> Cheers
> Corentin
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>