REST API - Bearer Exception - keycloak-user - Jboss List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

REST API - Bearer Exception

Devoxx UK

Proxying Registration

Rodrigo Sasaki

Monday, 9 June 2014 Mon, 9 Jun '14

6:59 a.m.

Hi, I'm trying to work with the Keycloak REST API, I logged into the administration console, and then tried accessing */auth/admin/realms* and got this exception: *Failed executing GET /admin/realms: org.jboss.resteasy.spi.UnauthorizedException: Bearer* How should I build my request to be able to get a response? How should I authenticate myself in this situation? -- Rodrigo Sasaki

Attachments:

attachment.html (text/html — 604 bytes)

Reply

Show replies by date

Stian Thorgersen

Tuesday, 10 June Tue, 10 Jun

8:16 a.m.

To access the REST API you need to pass the token in the http headers. How to obtain the token in the first place depends on the type of the application you're trying to invoke the API from. Look at the docs/examples that corresponds to the type of your app (JavaScript, command-line, jax-rs, etc). You also need to make sure the application/client has scope mappings on the required roles. ----- Original Message -----

From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com> To: keycloak-user(a)lists.jboss.org Sent: Monday, 9 June, 2014 12:59:41 PM Subject: [keycloak-user] REST API - Bearer Exception Hi, I'm trying to work with the Keycloak REST API, I logged into the administration console, and then tried accessing /auth/admin/realms and got this exception: Failed executing GET /admin/realms: org.jboss.resteasy.spi.UnauthorizedException: Bearer How should I build my request to be able to get a response? How should I authenticate myself in this situation? -- Rodrigo Sasaki _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Reply

Rodrigo Sasaki

2:02 p.m.

I'd like to manage users and roles, creating and updating them. I obtained a token like this: *POST /realms/myrealm/tokens/grants/access* *username: rodrigosasaki* *password: password* *client_id: myclient* *client_secret: generated_secret* and I got a token back, but then I tried accessing the roles of the realm on this URL /admin/realms/myrealm/roles And it says I'm not authorized to access this, I'd like to know what roles or configuration I should create to be able to manipulate this information, just as I do on the admin-console On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen <stian(a)redhat.com> wrote:

To access the REST API you need to pass the token in the http headers. How to obtain the token in the first place depends on the type of the application you're trying to invoke the API from. Look at the docs/examples that corresponds to the type of your app (JavaScript, command-line, jax-rs, etc). You also need to make sure the application/client has scope mappings on the required roles. ----- Original Message ----- > From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com> > To: keycloak-user(a)lists.jboss.org > Sent: Monday, 9 June, 2014 12:59:41 PM > Subject: [keycloak-user] REST API - Bearer Exception > > Hi, > > I'm trying to work with the Keycloak REST API, I logged into the > administration console, and then tried accessing /auth/admin/realms and got > this exception: > > Failed executing GET /admin/realms: > org.jboss.resteasy.spi.UnauthorizedException: Bearer > > How should I build my request to be able to get a response? How should I > authenticate myself in this situation? > > -- > Rodrigo Sasaki > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user

-- Rodrigo Sasaki

Reply

Bill Burke

2:26 p.m.

Does rodrigosasaki have realm admin privileges? The role is under applications->myrealm-management->realm-admin On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:

I'd like to manage users and roles, creating and updating them. I obtained a token like this: *POST /realms/myrealm/tokens/grants/access* * * *username: rodrigosasaki* *password: password* *client_id: myclient* *client_secret: generated_secret* and I got a token back, but then I tried accessing the roles of the realm on this URL /admin/realms/myrealm/roles And it says I'm not authorized to access this, I'd like to know what roles or configuration I should create to be able to manipulate this information, just as I do on the admin-console On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen <stian(a)redhat.com <mailto:stian@redhat.com>> wrote: To access the REST API you need to pass the token in the http headers. How to obtain the token in the first place depends on the type of the application you're trying to invoke the API from. Look at the docs/examples that corresponds to the type of your app (JavaScript, command-line, jax-rs, etc). You also need to make sure the application/client has scope mappings on the required roles. ----- Original Message ----- > From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com <mailto:rodrigopsasaki@gmail.com>> > To: keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > Sent: Monday, 9 June, 2014 12:59:41 PM > Subject: [keycloak-user] REST API - Bearer Exception > > Hi, > > I'm trying to work with the Keycloak REST API, I logged into the > administration console, and then tried accessing /auth/admin/realms and got > this exception: > > Failed executing GET /admin/realms: > org.jboss.resteasy.spi.UnauthorizedException: Bearer > > How should I build my request to be able to get a response? How should I > authenticate myself in this situation? > > -- > Rodrigo Sasaki > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user -- Rodrigo Sasaki _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Rodrigo Sasaki

3:14 p.m.

Yes it had them, but it didn't work. When I tried generating the token with the client_id set to the security-admin-console application it worked fine. Is that the correct way to do this? On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke(a)redhat.com> wrote:

Does rodrigosasaki have realm admin privileges? The role is under applications->myrealm-management->realm-admin On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote: > I'd like to manage users and roles, creating and updating them. > > I obtained a token like this: > > *POST /realms/myrealm/tokens/grants/access* > * > * > *username: rodrigosasaki* > *password: password* > *client_id: myclient* > *client_secret: generated_secret* > > and I got a token back, but then I tried accessing the roles of the > realm on this URL > > /admin/realms/myrealm/roles > > And it says I'm not authorized to access this, I'd like to know what > roles or configuration I should create to be able to manipulate this > information, just as I do on the admin-console > > > On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen <stian(a)redhat.com > <mailto:stian@redhat.com>> wrote: > > To access the REST API you need to pass the token in the http > headers. How to obtain the token in the first place depends on the > type of the application you're trying to invoke the API from. Look > at the docs/examples that corresponds to the type of your app > (JavaScript, command-line, jax-rs, etc). You also need to make sure > the application/client has scope mappings on the required roles. > > ----- Original Message ----- > > From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com > <mailto:rodrigopsasaki@gmail.com>> > > To: keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > > Sent: Monday, 9 June, 2014 12:59:41 PM > > Subject: [keycloak-user] REST API - Bearer Exception > > > > Hi, > > > > I'm trying to work with the Keycloak REST API, I logged into the > > administration console, and then tried accessing > /auth/admin/realms and got > > this exception: > > > > Failed executing GET /admin/realms: > > org.jboss.resteasy.spi.UnauthorizedException: Bearer > > > > How should I build my request to be able to get a response? How > should I > > authenticate myself in this situation? > > > > -- > > Rodrigo Sasaki > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org <mailto: keycloak-user(a)lists.jboss.org> > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > -- > Rodrigo Sasaki > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

-- Rodrigo Sasaki

Reply

Bill Burke

3:22 p.m.

You need to add a scope to "myclient" that allows "myclient" to ask for admin privileges. On 6/10/2014 4:14 PM, Rodrigo Sasaki wrote:

Yes it had them, but it didn't work. When I tried generating the token with the client_id set to the security-admin-console application it worked fine. Is that the correct way to do this? On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com>> wrote: Does rodrigosasaki have realm admin privileges? The role is under applications->myrealm-management->realm-admin On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote: > I'd like to manage users and roles, creating and updating them. > > I obtained a token like this: > > *POST /realms/myrealm/tokens/grants/access* > * > * > *username: rodrigosasaki* > *password: password* > *client_id: myclient* > *client_secret: generated_secret* > > and I got a token back, but then I tried accessing the roles of the > realm on this URL > > /admin/realms/myrealm/roles > > And it says I'm not authorized to access this, I'd like to know what > roles or configuration I should create to be able to manipulate this > information, just as I do on the admin-console > > > On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen <stian(a)redhat.com <mailto:stian@redhat.com> > <mailto:stian@redhat.com <mailto:stian@redhat.com>>> wrote: > > To access the REST API you need to pass the token in the http > headers. How to obtain the token in the first place depends on the > type of the application you're trying to invoke the API from. Look > at the docs/examples that corresponds to the type of your app > (JavaScript, command-line, jax-rs, etc). You also need to make sure > the application/client has scope mappings on the required roles. > > ----- Original Message ----- > > From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com <mailto:rodrigopsasaki@gmail.com> > <mailto:rodrigopsasaki@gmail.com <mailto:rodrigopsasaki@gmail.com>>> > > To: keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > <mailto:keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org>> > > Sent: Monday, 9 June, 2014 12:59:41 PM > > Subject: [keycloak-user] REST API - Bearer Exception > > > > Hi, > > > > I'm trying to work with the Keycloak REST API, I logged into the > > administration console, and then tried accessing > /auth/admin/realms and got > > this exception: > > > > Failed executing GET /admin/realms: > > org.jboss.resteasy.spi.UnauthorizedException: Bearer > > > > How should I build my request to be able to get a response? How > should I > > authenticate myself in this situation? > > > > -- > > Rodrigo Sasaki > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org>> > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > -- > Rodrigo Sasaki > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user -- Rodrigo Sasaki

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Rodrigo Sasaki

4:05 p.m.

I always forget that part. Do I always have to provide a user when I want to do this? Is it possible for an OAuth Client to authenticate based on name and client secret to get an access token? On Tue, Jun 10, 2014 at 5:22 PM, Bill Burke <bburke(a)redhat.com> wrote:

You need to add a scope to "myclient" that allows "myclient" to ask for admin privileges. On 6/10/2014 4:14 PM, Rodrigo Sasaki wrote: > Yes it had them, but it didn't work. > > When I tried generating the token with the client_id set to the > security-admin-console application it worked fine. > > Is that the correct way to do this? > > > On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke(a)redhat.com > <mailto:bburke@redhat.com>> wrote: > > Does rodrigosasaki have realm admin privileges? The role is under > applications->myrealm-management->realm-admin > > On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote: > > I'd like to manage users and roles, creating and updating them. > > > > I obtained a token like this: > > > > *POST /realms/myrealm/tokens/grants/access* > > * > > * > > *username: rodrigosasaki* > > *password: password* > > *client_id: myclient* > > *client_secret: generated_secret* > > > > and I got a token back, but then I tried accessing the roles of the > > realm on this URL > > > > /admin/realms/myrealm/roles > > > > And it says I'm not authorized to access this, I'd like to know > what > > roles or configuration I should create to be able to manipulate > this > > information, just as I do on the admin-console > > > > > > On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen > <stian(a)redhat.com <mailto:stian@redhat.com> > > <mailto:stian@redhat.com <mailto:stian@redhat.com>>> wrote: > > > > To access the REST API you need to pass the token in the http > > headers. How to obtain the token in the first place depends > on the > > type of the application you're trying to invoke the API from. > Look > > at the docs/examples that corresponds to the type of your app > > (JavaScript, command-line, jax-rs, etc). You also need to > make sure > > the application/client has scope mappings on the required > roles. > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com > <mailto:rodrigopsasaki@gmail.com> > > <mailto:rodrigopsasaki@gmail.com > <mailto:rodrigopsasaki@gmail.com>>> > > > To: keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > > <mailto:keycloak-user@lists.jboss.org > <mailto:keycloak-user@lists.jboss.org>> > > > Sent: Monday, 9 June, 2014 12:59:41 PM > > > Subject: [keycloak-user] REST API - Bearer Exception > > > > > > Hi, > > > > > > I'm trying to work with the Keycloak REST API, I logged > into the > > > administration console, and then tried accessing > > /auth/admin/realms and got > > > this exception: > > > > > > Failed executing GET /admin/realms: > > > org.jboss.resteasy.spi.UnauthorizedException: Bearer > > > > > > How should I build my request to be able to get a > response? How > > should I > > > authenticate myself in this situation? > > > > > > -- > > > Rodrigo Sasaki > > > > > > _______________________________________________ > > > keycloak-user mailing list > > > keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > <mailto:keycloak-user@lists.jboss.org > > <mailto:keycloak-user@lists.jboss.org>> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > > -- > > Rodrigo Sasaki > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists. > jboss.org> > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > -- > Rodrigo Sasaki > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

-- Rodrigo Sasaki

Reply

Bill Burke

4:11 p.m.

You have to provide a user. On 6/10/2014 5:05 PM, Rodrigo Sasaki wrote:

I always forget that part. Do I always have to provide a user when I want to do this? Is it possible for an OAuth Client to authenticate based on name and client secret to get an access token? On Tue, Jun 10, 2014 at 5:22 PM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com>> wrote: You need to add a scope to "myclient" that allows "myclient" to ask for admin privileges. On 6/10/2014 4:14 PM, Rodrigo Sasaki wrote: Yes it had them, but it didn't work. When I tried generating the token with the client_id set to the security-admin-console application it worked fine. Is that the correct way to do this? On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote: Does rodrigosasaki have realm admin privileges? The role is under applications->myrealm-__management->realm-admin On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote: > I'd like to manage users and roles, creating and updating them. > > I obtained a token like this: > > *POST /realms/myrealm/tokens/grants/__access* > * > * > *username: rodrigosasaki* > *password: password* > *client_id: myclient* > *client_secret: generated_secret* > > and I got a token back, but then I tried accessing the roles of the > realm on this URL > > /admin/realms/myrealm/roles > > And it says I'm not authorized to access this, I'd like to know what > roles or configuration I should create to be able to manipulate this > information, just as I do on the admin-console > > > On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen <stian(a)redhat.com <mailto:stian@redhat.com> <mailto:stian@redhat.com <mailto:stian@redhat.com>> > <mailto:stian@redhat.com <mailto:stian@redhat.com> <mailto:stian@redhat.com <mailto:stian@redhat.com>>>> wrote: > > To access the REST API you need to pass the token in the http > headers. How to obtain the token in the first place depends on the > type of the application you're trying to invoke the API from. Look > at the docs/examples that corresponds to the type of your app > (JavaScript, command-line, jax-rs, etc). You also need to make sure > the application/client has scope mappings on the required roles. > > ----- Original Message ----- > > From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com <mailto:rodrigopsasaki@gmail.com> <mailto:rodrigopsasaki@gmail.__com <mailto:rodrigopsasaki@gmail.com>> > <mailto:rodrigopsasaki@gmail.__com <mailto:rodrigopsasaki@gmail.com> <mailto:rodrigopsasaki@gmail.__com <mailto:rodrigopsasaki@gmail.com>>>> > > To: keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> > <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>> > > Sent: Monday, 9 June, 2014 12:59:41 PM > > Subject: [keycloak-user] REST API - Bearer Exception > > > > Hi, > > > > I'm trying to work with the Keycloak REST API, I logged into the > > administration console, and then tried accessing > /auth/admin/realms and got > > this exception: > > > > Failed executing GET /admin/realms: > > org.jboss.resteasy.spi.__UnauthorizedException: Bearer > > > > How should I build my request to be able to get a response? How > should I > > authenticate myself in this situation? > > > > -- > > Rodrigo Sasaki > > > > _________________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>> > > https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user> > > > > > -- > Rodrigo Sasaki > > > _________________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> > https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user> > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _________________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user> -- Rodrigo Sasaki -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com -- Rodrigo Sasaki

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

3838

days inactive

3839

days old

keycloak-user@lists.jboss.org

Manage subscription

7 comments

3 participants

tags (0)

participants (3)

Bill Burke
Rodrigo Sasaki
Stian Thorgersen