Hi Pedro, Thanks, I got it working. I was initially seeing the error: "Didn't find publicKey for specified kid" But, I finally found I was trying to use the bearer token on an application secured by a different Keycloak instance, which didn't issue the access token! Looks like CURL must already set appropriate headers or something because I didn't even need to enable autodetect-bearer-only. Ryan ________________________________ From: Pedro Igor Silva <psilva(a)redhat.com&gt; Sent: Thursday, May 23, 2019 3:20 PM To: Ryan Slominski Cc: keycloak-user Subject: Re: [keycloak-user] Can a confidential Access Type client also accept bearer tokens? It should be fine to use the same client. However, you may want to set autodetect-bearer-only in keycloak.json. See https://www.keycloak.org/docs/latest/securing_apps/index.html#_java_adapt...;. On Thu, May 23, 2019 at 3:35 PM Ryan Slominski <ryans@jlab.org<mailto:ryans@jlab.org>> wrote: I'm using the Wildfly client adapter to secure access for a web application and it works fine. However, I was wondering if I could have a script to programmatically post some data to one of the web application's end points via a cron job. The examples I have found of doing this assume you have a dedicated "bearer-only" access type client. Do I have to create a separate client for this or can I re-use the existing web application end point, which has access type Confidential? I'm looking at the example here: http://planet.jboss.org/post/getting_started_with_keycloak_securing_a_res... Thanks, Ryan _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user<https://urldefe...