6:59 a.m.
Hi,
I'm trying to work with the Keycloak REST API, I logged into the
administration console, and then tried accessing */auth/admin/realms* and
got this exception:
*Failed executing GET /admin/realms:
org.jboss.resteasy.spi.UnauthorizedException: Bearer*
How should I build my request to be able to get a response? How should I
authenticate myself in this situation?
--
Rodrigo Sasaki
8:16 a.m.
To access the REST API you need to pass the token in the http headers. How to obtain the
token in the first place depends on the type of the application you're trying to
invoke the API from. Look at the docs/examples that corresponds to the type of your app
(JavaScript, command-line, jax-rs, etc). You also need to make sure the application/client
has scope mappings on the required roles.
----- Original Message -----
From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Sent: Monday, 9 June, 2014 12:59:41 PM
Subject: [keycloak-user] REST API - Bearer Exception
Hi,
I'm trying to work with the Keycloak REST API, I logged into the
administration console, and then tried accessing /auth/admin/realms and got
this exception:
Failed executing GET /admin/realms:
org.jboss.resteasy.spi.UnauthorizedException: Bearer
How should I build my request to be able to get a response? How should I
authenticate myself in this situation?
--
Rodrigo Sasaki
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2:02 p.m.
I'd like to manage users and roles, creating and updating them.
I obtained a token like this:
*POST /realms/myrealm/tokens/grants/access*
*username: rodrigosasaki*
*password: password*
*client_id: myclient*
*client_secret: generated_secret*
and I got a token back, but then I tried accessing the roles of the realm
on this URL
/admin/realms/myrealm/roles
And it says I'm not authorized to access this, I'd like to know what roles
or configuration I should create to be able to manipulate this information,
just as I do on the admin-console
On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
To access the REST API you need to pass the token in the http
headers. How
to obtain the token in the first place depends on the type of the
application you're trying to invoke the API from. Look at the docs/examples
that corresponds to the type of your app (JavaScript, command-line, jax-rs,
etc). You also need to make sure the application/client has scope mappings
on the required roles.
----- Original Message -----
> From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com>
> To: keycloak-user(a)lists.jboss.org
> Sent: Monday, 9 June, 2014 12:59:41 PM
> Subject: [keycloak-user] REST API - Bearer Exception
>
> Hi,
>
> I'm trying to work with the Keycloak REST API, I logged into the
> administration console, and then tried accessing /auth/admin/realms and
got
> this exception:
>
> Failed executing GET /admin/realms:
> org.jboss.resteasy.spi.UnauthorizedException: Bearer
>
> How should I build my request to be able to get a response? How should I
> authenticate myself in this situation?
>
> --
> Rodrigo Sasaki
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Rodrigo Sasaki
2:26 p.m.
Does rodrigosasaki have realm admin privileges? The role is under
applications->myrealm-management->realm-admin
On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:
I'd like to manage users and roles, creating and updating them.
I obtained a token like this:
*POST /realms/myrealm/tokens/grants/access*
*
*
*username: rodrigosasaki*
*password: password*
*client_id: myclient*
*client_secret: generated_secret*
and I got a token back, but then I tried accessing the roles of the
realm on this URL
/admin/realms/myrealm/roles
And it says I'm not authorized to access this, I'd like to know what
roles or configuration I should create to be able to manipulate this
information, just as I do on the admin-console
On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen <stian(a)redhat.com
<mailto:stian@redhat.com>> wrote:
To access the REST API you need to pass the token in the http
headers. How to obtain the token in the first place depends on the
type of the application you're trying to invoke the API from. Look
at the docs/examples that corresponds to the type of your app
(JavaScript, command-line, jax-rs, etc). You also need to make sure
the application/client has scope mappings on the required roles.
----- Original Message -----
> From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com
<mailto:rodrigopsasaki@gmail.com>>
> To: keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
> Sent: Monday, 9 June, 2014 12:59:41 PM
> Subject: [keycloak-user] REST API - Bearer Exception
>
> Hi,
>
> I'm trying to work with the Keycloak REST API, I logged into the
> administration console, and then tried accessing
/auth/admin/realms and got
> this exception:
>
> Failed executing GET /admin/realms:
> org.jboss.resteasy.spi.UnauthorizedException: Bearer
>
> How should I build my request to be able to get a response? How
should I
> authenticate myself in this situation?
>
> --
> Rodrigo Sasaki
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Rodrigo Sasaki
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
3:14 p.m.
Yes it had them, but it didn't work.
When I tried generating the token with the client_id set to the
security-admin-console application it worked fine.
Is that the correct way to do this?
On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke(a)redhat.com> wrote:
Does rodrigosasaki have realm admin privileges? The role is under
applications->myrealm-management->realm-admin
On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:
> I'd like to manage users and roles, creating and updating them.
>
> I obtained a token like this:
>
> *POST /realms/myrealm/tokens/grants/access*
> *
> *
> *username: rodrigosasaki*
> *password: password*
> *client_id: myclient*
> *client_secret: generated_secret*
>
> and I got a token back, but then I tried accessing the roles of the
> realm on this URL
>
> /admin/realms/myrealm/roles
>
> And it says I'm not authorized to access this, I'd like to know what
> roles or configuration I should create to be able to manipulate this
> information, just as I do on the admin-console
>
>
> On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen <stian(a)redhat.com
> <mailto:stian@redhat.com>> wrote:
>
> To access the REST API you need to pass the token in the http
> headers. How to obtain the token in the first place depends on the
> type of the application you're trying to invoke the API from. Look
> at the docs/examples that corresponds to the type of your app
> (JavaScript, command-line, jax-rs, etc). You also need to make sure
> the application/client has scope mappings on the required roles.
>
> ----- Original Message -----
> > From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com
> <mailto:rodrigopsasaki@gmail.com>>
> > To: keycloak-user(a)lists.jboss.org
> <mailto:keycloak-user@lists.jboss.org>
> > Sent: Monday, 9 June, 2014 12:59:41 PM
> > Subject: [keycloak-user] REST API - Bearer Exception
> >
> > Hi,
> >
> > I'm trying to work with the Keycloak REST API, I logged into the
> > administration console, and then tried accessing
> /auth/admin/realms and got
> > this exception:
> >
> > Failed executing GET /admin/realms:
> > org.jboss.resteasy.spi.UnauthorizedException: Bearer
> >
> > How should I build my request to be able to get a response? How
> should I
> > authenticate myself in this situation?
> >
> > --
> > Rodrigo Sasaki
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org <mailto:
keycloak-user(a)lists.jboss.org>
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> --
> Rodrigo Sasaki
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Rodrigo Sasaki
3:22 p.m.
You need to add a scope to "myclient" that allows "myclient" to ask
for
admin privileges.
On 6/10/2014 4:14 PM, Rodrigo Sasaki wrote:
Yes it had them, but it didn't work.
When I tried generating the token with the client_id set to the
security-admin-console application it worked fine.
Is that the correct way to do this?
On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke(a)redhat.com
<mailto:bburke@redhat.com>> wrote:
Does rodrigosasaki have realm admin privileges? The role is under
applications->myrealm-management->realm-admin
On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:
> I'd like to manage users and roles, creating and updating them.
>
> I obtained a token like this:
>
> *POST /realms/myrealm/tokens/grants/access*
> *
> *
> *username: rodrigosasaki*
> *password: password*
> *client_id: myclient*
> *client_secret: generated_secret*
>
> and I got a token back, but then I tried accessing the roles of the
> realm on this URL
>
> /admin/realms/myrealm/roles
>
> And it says I'm not authorized to access this, I'd like to know what
> roles or configuration I should create to be able to manipulate this
> information, just as I do on the admin-console
>
>
> On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen
<stian(a)redhat.com <mailto:stian@redhat.com>
> <mailto:stian@redhat.com <mailto:stian@redhat.com>>> wrote:
>
> To access the REST API you need to pass the token in the http
> headers. How to obtain the token in the first place depends
on the
> type of the application you're trying to invoke the API from.
Look
> at the docs/examples that corresponds to the type of your app
> (JavaScript, command-line, jax-rs, etc). You also need to
make sure
> the application/client has scope mappings on the required roles.
>
> ----- Original Message -----
> > From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com
<mailto:rodrigopsasaki@gmail.com>
> <mailto:rodrigopsasaki@gmail.com
<mailto:rodrigopsasaki@gmail.com>>>
> > To: keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
> <mailto:keycloak-user@lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>>
> > Sent: Monday, 9 June, 2014 12:59:41 PM
> > Subject: [keycloak-user] REST API - Bearer Exception
> >
> > Hi,
> >
> > I'm trying to work with the Keycloak REST API, I logged
into the
> > administration console, and then tried accessing
> /auth/admin/realms and got
> > this exception:
> >
> > Failed executing GET /admin/realms:
> > org.jboss.resteasy.spi.UnauthorizedException: Bearer
> >
> > How should I build my request to be able to get a
response? How
> should I
> > authenticate myself in this situation?
> >
> > --
> > Rodrigo Sasaki
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
<mailto:keycloak-user@lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>>
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> --
> Rodrigo Sasaki
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Rodrigo Sasaki
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
4:05 p.m.
I always forget that part.
Do I always have to provide a user when I want to do this? Is it possible
for an OAuth Client to authenticate based on name and client secret to get
an access token?
On Tue, Jun 10, 2014 at 5:22 PM, Bill Burke <bburke(a)redhat.com> wrote:
You need to add a scope to "myclient" that allows
"myclient" to ask for
admin privileges.
On 6/10/2014 4:14 PM, Rodrigo Sasaki wrote:
> Yes it had them, but it didn't work.
>
> When I tried generating the token with the client_id set to the
> security-admin-console application it worked fine.
>
> Is that the correct way to do this?
>
>
> On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke(a)redhat.com
> <mailto:bburke@redhat.com>> wrote:
>
> Does rodrigosasaki have realm admin privileges? The role is under
> applications->myrealm-management->realm-admin
>
> On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:
> > I'd like to manage users and roles, creating and updating them.
> >
> > I obtained a token like this:
> >
> > *POST /realms/myrealm/tokens/grants/access*
> > *
> > *
> > *username: rodrigosasaki*
> > *password: password*
> > *client_id: myclient*
> > *client_secret: generated_secret*
> >
> > and I got a token back, but then I tried accessing the roles of the
> > realm on this URL
> >
> > /admin/realms/myrealm/roles
> >
> > And it says I'm not authorized to access this, I'd like to know
> what
> > roles or configuration I should create to be able to manipulate
> this
> > information, just as I do on the admin-console
> >
> >
> > On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen
> <stian(a)redhat.com <mailto:stian@redhat.com>
> > <mailto:stian@redhat.com <mailto:stian@redhat.com>>> wrote:
> >
> > To access the REST API you need to pass the token in the http
> > headers. How to obtain the token in the first place depends
> on the
> > type of the application you're trying to invoke the API from.
> Look
> > at the docs/examples that corresponds to the type of your app
> > (JavaScript, command-line, jax-rs, etc). You also need to
> make sure
> > the application/client has scope mappings on the required
> roles.
> >
> > ----- Original Message -----
> > > From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com
> <mailto:rodrigopsasaki@gmail.com>
> > <mailto:rodrigopsasaki@gmail.com
> <mailto:rodrigopsasaki@gmail.com>>>
> > > To: keycloak-user(a)lists.jboss.org
> <mailto:keycloak-user@lists.jboss.org>
> > <mailto:keycloak-user@lists.jboss.org
> <mailto:keycloak-user@lists.jboss.org>>
> > > Sent: Monday, 9 June, 2014 12:59:41 PM
> > > Subject: [keycloak-user] REST API - Bearer Exception
> > >
> > > Hi,
> > >
> > > I'm trying to work with the Keycloak REST API, I logged
> into the
> > > administration console, and then tried accessing
> > /auth/admin/realms and got
> > > this exception:
> > >
> > > Failed executing GET /admin/realms:
> > > org.jboss.resteasy.spi.UnauthorizedException: Bearer
> > >
> > > How should I build my request to be able to get a
> response? How
> > should I
> > > authenticate myself in this situation?
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user(a)lists.jboss.org
> <mailto:keycloak-user@lists.jboss.org>
> <mailto:keycloak-user@lists.jboss.org
>
> <mailto:keycloak-user@lists.jboss.org>>
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.
> jboss.org>
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> --
> Rodrigo Sasaki
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
--
Rodrigo Sasaki
4:11 p.m.
You have to provide a user.
On 6/10/2014 5:05 PM, Rodrigo Sasaki wrote:
I always forget that part.
Do I always have to provide a user when I want to do this? Is it
possible for an OAuth Client to authenticate based on name and client
secret to get an access token?
On Tue, Jun 10, 2014 at 5:22 PM, Bill Burke <bburke(a)redhat.com
<mailto:bburke@redhat.com>> wrote:
You need to add a scope to "myclient" that allows "myclient" to
ask
for admin privileges.
On 6/10/2014 4:14 PM, Rodrigo Sasaki wrote:
Yes it had them, but it didn't work.
When I tried generating the token with the client_id set to the
security-admin-console application it worked fine.
Is that the correct way to do this?
On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke(a)redhat.com
<mailto:bburke@redhat.com>
<mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote:
Does rodrigosasaki have realm admin privileges? The role
is under
applications->myrealm-__management->realm-admin
On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:
> I'd like to manage users and roles, creating and
updating them.
>
> I obtained a token like this:
>
> *POST /realms/myrealm/tokens/grants/__access*
> *
> *
> *username: rodrigosasaki*
> *password: password*
> *client_id: myclient*
> *client_secret: generated_secret*
>
> and I got a token back, but then I tried accessing the
roles of the
> realm on this URL
>
> /admin/realms/myrealm/roles
>
> And it says I'm not authorized to access this, I'd like
to know what
> roles or configuration I should create to be able to
manipulate this
> information, just as I do on the admin-console
>
>
> On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen
<stian(a)redhat.com <mailto:stian@redhat.com>
<mailto:stian@redhat.com <mailto:stian@redhat.com>>
> <mailto:stian@redhat.com <mailto:stian@redhat.com>
<mailto:stian@redhat.com <mailto:stian@redhat.com>>>> wrote:
>
> To access the REST API you need to pass the token in
the http
> headers. How to obtain the token in the first place
depends
on the
> type of the application you're trying to invoke the
API from.
Look
> at the docs/examples that corresponds to the type of
your app
> (JavaScript, command-line, jax-rs, etc). You also
need to
make sure
> the application/client has scope mappings on the
required roles.
>
> ----- Original Message -----
> > From: "Rodrigo Sasaki"
<rodrigopsasaki(a)gmail.com
<mailto:rodrigopsasaki@gmail.com>
<mailto:rodrigopsasaki@gmail.__com
<mailto:rodrigopsasaki@gmail.com>>
> <mailto:rodrigopsasaki@gmail.__com
<mailto:rodrigopsasaki@gmail.com>
<mailto:rodrigopsasaki@gmail.__com
<mailto:rodrigopsasaki@gmail.com>>>>
> > To: keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
<mailto:keycloak-user@lists.__jboss.org
<mailto:keycloak-user@lists.jboss.org>>
> <mailto:keycloak-user@lists.__jboss.org
<mailto:keycloak-user@lists.jboss.org>
<mailto:keycloak-user@lists.__jboss.org
<mailto:keycloak-user@lists.jboss.org>>>
> > Sent: Monday, 9 June, 2014 12:59:41 PM
> > Subject: [keycloak-user] REST API - Bearer Exception
> >
> > Hi,
> >
> > I'm trying to work with the Keycloak REST API, I
logged
into the
> > administration console, and then tried accessing
> /auth/admin/realms and got
> > this exception:
> >
> > Failed executing GET /admin/realms:
> > org.jboss.resteasy.spi.__UnauthorizedException:
Bearer
> >
> > How should I build my request to be able to get a
response? How
> should I
> > authenticate myself in this situation?
> >
> > --
> > Rodrigo Sasaki
> >
> > _________________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
<mailto:keycloak-user@lists.__jboss.org
<mailto:keycloak-user@lists.jboss.org>>
<mailto:keycloak-user@lists.__jboss.org
<mailto:keycloak-user@lists.jboss.org>
<mailto:keycloak-user@lists.__jboss.org
<mailto:keycloak-user@lists.jboss.org>>>
> >
https://lists.jboss.org/__mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>
>
>
> --
> Rodrigo Sasaki
>
>
> _________________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
<mailto:keycloak-user@lists.__jboss.org
<mailto:keycloak-user@lists.jboss.org>>
> https://lists.jboss.org/__mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_________________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
<mailto:keycloak-user@lists.__jboss.org
<mailto:keycloak-user@lists.jboss.org>>
https://lists.jboss.org/__mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
--
Rodrigo Sasaki
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
--
Rodrigo Sasaki
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
4228
days inactive
4229
days old
7 comments
3 participants
participants (3)
-
Bill Burke -
Rodrigo Sasaki -
Stian Thorgersen