If you use the keycloak-spring-boot adapter, it only supports basic authentication (username + password). If you use the keycloak-spring-security adaptor, it gives more options including bearer token support. The bearer token is the access token put into the http header. Specifically you set the “Authentication” header with “Bearer {access token}”. You get the access token from the oauth 2 login process. A good example of code is available in keycloak/examples/cors. —Doug From: Anunay Sinha <anunay.sinha@arvindinternet.com<mailto:anunay.sinha@arvindinternet.com>> Date: Tue, 8 Sep 2015 16:05:39 +0530 To: <keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>> Subject: [keycloak-user] Help with keycloak integration with Spring boot rest api Hi Everyone, I am new to both spring and keycloak and I do admit that am writing this before exhausting all my options, but I have spent quite a good amount of time on this. So here is my deal. I have created a spring boot rest api and have tested it. Next I was trying to integrate it with keyCloak I modified my gradle for keycloak I configured a client in KeyCloak admin console. It was bearer only. { "realm": "TestMyAccount", "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqKhSVCGWBxzT5nFByxE1EbJ7YVo05JxO4wVVJJsp25gy7GQhR89qidSUkT3onlc4jLEDH5hLt/mszuDSmSUAHrHhSrTWbgF6Ii4L1fwU57+a6W2vVDI3UvSeTxiTnIrvpeD7g9hw/cscOMD7ngiqFAuh0fLj6IS4mmMfGsVf35IfiHpEfRpTS+Th/Y48AAYxJxbZlmNmJe91xCxdbPi36tb2Ecv7kPnXdI3a+ZhSm/NhP3ZYURu9SWcXlCJfRcOo9eATgGu2PruOsrHKl/YKf3+nGTDSmiHLOCRoL2gvedgr/3VzsEFpcJRjrNCWaKhsgMSdr+0N/CDOA6TR76uewIDAQAB", "bearer-only": true, "auth-server-url": "http://127.0.0.1:8080/auth", "ssl-required": "none", "resource": "AIL_MYACCOUNT" } Next I added the following items to my application.properties keycloak.realm = TestMyAccount keycloak.realmKey = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqKhSVCGWBxzT5nFByxE1EbJ7YVo05JxO4wVVJJsp25gy7GQhR89qidSUkT3onlc4jLEDH5hLt/mszuDSmSUAHrHhSrTWbgF6Ii4L1fwU57+a6W2vVDI3UvSeTxiTnIrvpeD7g9hw/cscOMD7ngiqFAuh0fLj6IS4mmMfGsVf35IfiHpEfRpTS+Th/Y48AAYxJxbZlmNmJe91xCxdbPi36tb2Ecv7kPnXdI3a+ZhSm/NhP3ZYURu9SWcXlCJfRcOo9eATgGu2PruOsrHKl/YKf3+nGTDSmiHLOCRoL2gvedgr/3VzsEFpcJRjrNCWaKhsgMSdr+0N/CDOA6TR76uewIDAQAB keycloak.auth-server-url = http://127.0.0.1:8080/auth keycloak.ssl-required = external keycloak.resource = AIL_MYACCOUNT use-resource-role-mappings = false ssl-not-required = true bearer-only = true This is as per the documentation<http://keycloak.github.io/docs/userguide/html/ch08.html#spring-boot-adapter> I don't have a web.xml in my project and going as per the video tutorial I ignored those settings. My access to api was restricted and it is asking me for the authorization. But am not able to provide it. As per the example in the document, it seems like bearer only application work on tokens only. ------------------------------------------------- Here is my first question. Is there a way to generate the tokens for bearers only applications ------------------------------------------------- To get the token I created another client, this time "confidential" redirecting to same base URI and used it to generate the access token When am using this access token to access my API am still getting the 401 error. Am not sure what am doing wrong and where am doing wrong. Request you to please help me with this _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user