Re: [keycloak-user] Requires uma_protection scope

That's exactly what I did/checked. That's why I can't figure out why it's not working :( Le mar. 20 nov. 2018 11:53, Pedro Igor Silva <psilva(a)redhat.com&gt; a écrit : > This role should be a client role. For instance, if you are trying to > create resources for C1 the service account must be granted with client > role C1/uma-protection. See screenshot attached. > > Regards. > > On Tue, Nov 20, 2018 at 2:01 PM Julien Deruere <deruere.julien(a)gmail.com > > wrote: > >> In this case I'm using protection API: >> >> curl -X POST \ >> -H "Content-Type: application/x-www-form-urlencoded" \ >> -d 'grant_type=client_credentials&client_id=${client_id}&client_secret=${client_secret}' \ >> " http://localhost:8080/auth/realms/${realm_name}/protocol/openid-connect/t... " >> >> >> I'm asking a token as a client, not as a user. And I checked, my client >> has the uma_protection role in Service Account Role. >> >> I don't know where I'm wrong? >> >> Le mar. 20 nov. 2018 10:54, Pedro Igor Silva <psilva(a)redhat.com&gt; a >> écrit : >> >>> Hi, >>> >>> You need to grant uma_protection client scope (it should be available as >>> one of the roles associated with your resource server) to the user to which >>> you are issuing tokens for. >>> >>> On Tue, Nov 20, 2018 at 1:52 PM Julien Deruere < deruere.julien(a)gmail.com&gt; >>> wrote: >>> >>>> Any update on this? >>>> I got the exact same message when using POSTMAN : >>>> >>>> I fist do this (with grant_type=client_credentials): >>>> http://localhost:8080/auth/realms/sg2b/protocol/openid-connect/token >>>> >>>> And then this with the token I received: >>>> GET >>>> >>>> http://localhost:8080/auth/realms/sg2b/authz/protection/resource_set?type... >>>> Which answer me this: >>>> { >>>> "error": "invalid_scope", >>>> "error_description": "Requires uma_protection scope." >>>> } >>>> >>> _______________________________________________ >>>> keycloak-user mailing list >>>> keycloak-user(a)lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> >>> _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user