OK. Found the issue. Will fix it. Problem is that Sensortest does not exist
and program enters in a state that a resource-less permission causes that
error.
On Mon, Jul 2, 2018 at 10:05 AM, Corentin Dupont <corentin.dupont(a)gmail.com>
wrote:
Hi guys,
I got this error when requesting authorization on a resource:
$ curl -X POST
http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token -H
"Authorization: Bearer $USERTOKEN" -d
"grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&
audience=api-server&permission=Sensortest#sensors:view"
{"error":"server_error","error_description":"Unexpected
error while
evaluating permissions"}
On the server side I get:
12:42:11,821 ERROR
[org.keycloak.authorization.authorization.AuthorizationTokenService]
(default task-16) Unexpected error while evaluating permissions:
java.lang.NullPointerException
at
org.keycloak.authorization.util.Permissions.permits(Permissions.java:194)
at
org.keycloak.authorization.authorization.AuthorizationTokenService.
authorize(AuthorizationTokenService.java:173)
at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.
permissionGrant(TokenEndpoint.java:1124)
at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(
TokenEndpoint.java:190)
at sun.reflect.GeneratedMethodAccessor449.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(
DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
I got my token this way:
USERTOKEN=`curl -X POST -H "Content-Type:
application/x-www-form-urlencoded" -d
'username=guest&password=guest&grant_type=password&
client_id=api-server&client_secret=xxx'
"http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token" |
jq .access_token -r`
This seems to happen for scope-based policies.
Cheers
Corentin
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user