(including mailing list)
On Thu, Dec 1, 2016 at 8:31 PM, Matt H <tsdgcc2087(a)outlook.com> wrote:
> I have a suite of Spring applications that are using Keycloak for
> authentication. I'm using the Keycloak Spring Security adapter and have
> successfully secured the endpoints that I want to. I have situations where
> I need Application A to make a call to a secured endpoint on Application
> B. I am able to do this client-to-client communication by using the
> KeycloakRestTemplate but only when a user calls Application A with a valid
> token.
>
> Application A also has a process that will call Application B without user
> interaction. When this is done I get an error "java.lang.IllegalStateException:
> Cannot set authorization header because there is no authenticated
> principal". This makes sense since I don't have a valid user token.
>
> Application A and Application B use the same client in Keycloak and it is
> set to be a confidential client. I have tried it with and without having
> service accounts enabled.

When you say "with service accounts enabled", have you followed all the
instructions from here
https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/clients/oidc/service-accounts.html
, meaning also calling the
/{server-root-usualy-auth}/realms/{realm-name}/protocol/openid-connect/token
endpoint in order to retrieve a valid token?

> Some questions I have are:
> 1. How do I have applications (not users) call a secured REST endpoint?
> 2. Do the provided Keycloak adapters (like the Spring Security adapter)
> provide this functionality?
> 3. Do I need an additional client account to do this?
> 4. Are there any libraries that handle refreshing these tokens or
> automatically obtaining one if it doesn't exist?
>
> I see lots of examples on how a user can access a secured service, but not
> much on an application accessing a secured service.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
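
The token request the reply refers to, as an added example that is not part of the original thread and not Keycloak's own code: the OAuth2 client credentials grant sent to the token endpoint path quoted above, with the access token cached and requested again shortly before `expires_in` runs out. The class name, the 30-second skew, the HTTPS check and the injectable `post`/`clock` parameters are assumptions for illustration; the client must be confidential with service accounts enabled.

```python
import json
import threading
import time
import urllib.parse
import urllib.request


def http_post(url, form):
    """POST a form to the token endpoint and return the decoded JSON reply."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ServiceAccountToken:
    """Caches a client_credentials access token (hypothetical helper)."""

    def __init__(self, server_root, realm, client_id, client_secret,
                 post=http_post, clock=time.monotonic, skew=30):
        if not server_root.startswith("https://"):
            # The client secret travels in the request body: never send it in clear.
            raise ValueError("token endpoint must be reached over HTTPS")
        self.url = (server_root.rstrip("/") + "/realms/"
                    + urllib.parse.quote(realm, safe="")
                    + "/protocol/openid-connect/token")
        self._form = {"grant_type": "client_credentials",
                      "client_id": client_id,
                      "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._lock = threading.Lock()
        self._token, self._expires_at = None, 0.0

    def get(self):
        """Return a valid access token, requesting a new one when needed."""
        with self._lock:
            now = self._clock()
            if self._token is None or now >= self._expires_at:
                reply = self._post(self.url, self._form)
                self._token = reply["access_token"]
                # Renew `skew` seconds early so a token never expires in flight.
                self._expires_at = now + int(reply["expires_in"]) - self._skew
            return self._token

    def auth_header(self):
        """Header to attach to the call from Application A to Application B."""
        return {"Authorization": "Bearer " + self.get()}
```
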