Re: [keycloak-user] Token Validation Endpoint

Thank you all for the quick responses. However, I am having an issue with that endpoint, and am assuming I am doing something wrong :) I am making the request with a Bearer authorization header containing the token of a client that has the admin role in it's service account. I am testing that the client token is valid via the following curl call: curl -s -X GET -H "Authorization: Bearer $_CLIENT_TOKEN" ' http://localhost-docker:8080/auth/admin/realms/master/users' However, when I make the following curl request for token introspection: curl -v -X POST -H "Authorization: Bearer $_CLIENT_TOKEN" --data "token=$_INTROSPECT_TOKEN" \ ' http://localhost-docker:8080/auth/realms/master/protocol/openid-connect/t... ' ... I get the following response: ... and the following console error output: KC-SERVICES0014: Failed client authentication: org.keycloak.authentication.AuthenticationFlowException: Client was not identified by any client authenticator org.keycloak.authentication.ClientAuthenticationFlow.processFlow(ClientAuthenticationFlow.java:101) org.keycloak.authentication.AuthenticationProcessor.authenticateClient(AuthenticationProcessor.java:673) org.keycloak.protocol.oidc.utils.AuthorizeClientUtil.authorizeClient(AuthorizeClientUtil.java:42) type=INTROSPECT_TOKEN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=192.168.99.1, error=invalid_client_credentials type=INTROSPECT_TOKEN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=192.168.99.1, error=invalid_request, detail='Authentication failed.' Is there another method I should be using to authenticate the client for this request? Is there something else that you see that I am doing wrong? On Wed, Apr 20, 2016 at 10:13 AM, Thomas Darimont < thomas.darimont(a)googlemail.com&gt; wrote: