In this case I'm using protection API:
curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d
'grant_type=client_credentials&client_id=${client_id}&client_secret=${client_secret}'
\
"http://localhost:8080/auth/realms/${realm_name}/protocol/openid-connect/token"
I'm asking a token as a client, not as a user. And I checked, my client has
the uma_protection role in Service Account Role.
I don't know where I'm wrong?
Le mar. 20 nov. 2018 10:54, Pedro Igor Silva <psilva(a)redhat.com> a écrit :
Hi,
You need to grant uma_protection client scope (it should be available as
one of the roles associated with your resource server) to the user to which
you are issuing tokens for.
On Tue, Nov 20, 2018 at 1:52 PM Julien Deruere <deruere.julien(a)gmail.com>
wrote:
> Any update on this?
> I got the exact same message when using POSTMAN :
>
> I fist do this (with grant_type=client_credentials):
>
http://localhost:8080/auth/realms/sg2b/protocol/openid-connect/token
>
> And then this with the token I received:
> GET
>
>
http://localhost:8080/auth/realms/sg2b/authz/protection/resource_set?type...
> Which answer me this:
> {
> "error": "invalid_scope",
> "error_description": "Requires uma_protection scope."
> }
>
_______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>