Hi all,
I have just upgraded from 1.0-beta 3 to 1.0.1 final and am running into some serious
issues.
First a question: when will keycloak-core 1.0.1 be available from maven central? I am
having to use 1.0-final in my war - is that compatible with the 1.0.1 keycloak war which is
running on my server?
I upgraded by doing a complete wipe of the keycloak database, and reinstalling 1.0.1 over
my WildFly configuration. I am able to use the keycloak admin screens flawlessly.
Now onto my problem.
In 1.0.3-beta I used to have an access type bearer-only application which used the rest api
to register and login users to keycloak.
After upgrading I have found that even if I set the application to be bearer-only,
keycloak still throws an invalid redirect uri error whenever I try to use the rest end
points (surely this should not happen with a bearer-only application). In order to fix
this I have moved the application over to access type confidential (it is sitting on the
same server as keycloak) - are there any pointers to the correct config for this in 1.0.1?
Basically my application is the backend to a mobile app that is using keycloak for access
control - at the moment I am not allowed to use the keycloak login/register screens so
must proxy it through the server. I am now able to register users using this
configuration, but would prefer to go back to bearer-only.
I also have a Direct Grant Only client which I use for the mobile application itself. I am
able to get an access token by using the TOKEN_SERVICE_DIRECT_GRANT_PATH via the proxy
server but when I try to access a resource with that bearer token set in the header I am
still getting an unauthorised response.
My application's keycloak.json looks like this:
{
  "realm": "shift",
  "realm-public-key": "**",
  "auth-server-url": "http://.../auth",
  "ssl-required": "none",
  "resource": "shift-server",
  "credentials": {
    "secret": "**"
  }
}
and my client JSON looks like this (although this is not put anywhere in my application
war)
{
  "realm": "shift",
  "realm-public-key": "***",
  "auth-server-url": "http://.../auth",
  "ssl-required": "none",
  "resource": "shift-ios",
  "public-client": true
}
I can log in with a correct username and password setting the client id to ‘shift-ios’.
However when I try to access a protected resource like this
GET /shift/feed HTTP/1.1
Host: www…..com
Connection: keep-alive
Accept: */*
User-Agent: shift-ios-client/1.0 CFNetwork/711.0.6 Darwin/14.0.0
Accept-Language: en-us
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJuYW………...5lXDBvPGu3bI7msV6Xh34g2PG1E2-d0GchWLFb4kGWofDbexDgIJoP1eeSHnKmahAHHbcl_LZkI3ayKYCgF-o3vfk0yh4T-zptEdK1EHFDndz4SkJlrPsyawueekf1mJD-drilFlL55nLIfFqjpaNdQDr5R3lAjUb0
Accept-Encoding: gzip, deflate
where the Bearer header is the access token I get from logging in, then I get a 403
unauthorised response.
This used to work perfectly in beta 3, but I seem unable to make this work in 1.0(.1)
final.
Could this be because I am using 1.0-core instead of 1.0.1-core?
Please help, as this has stopped all work on the product, and I am completely stuck. What's
the best way to go about debugging this?
Conrad
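
A debugging aid for the rejected bearer request described above, added here as an example and not part of the original post or of Keycloak's code: it decodes a token's header and payload without verifying the signature and flags a wrong `alg` or a passed `exp`. The function names and the sample token are constructed; `exp` is the standard JWT expiry claim and is assumed to be present in the token.

```python
import base64
import json
import time

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_bearer(header_value: str, now: float, expected_alg: str = "RS256") -> dict:
    """Decode (NOT verify) a bearer JWT. Claims are untrusted; use for diagnosis only."""
    parts = header_value.split()  # split() also tolerates a line-wrapped header value
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return {"ok": False, "problems": ["not a 'Bearer <token>' header"]}
    segments = parts[1].split(".")
    if len(segments) != 3 or not all(segments):
        return {"ok": False, "problems": ["token is not three dot-separated segments"]}
    try:
        header = json.loads(b64url_decode(segments[0]))
        claims = json.loads(b64url_decode(segments[1]))
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("not a JSON object")
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return {"ok": False, "problems": ["header or payload is not base64url JSON"]}
    problems = []
    if header.get("alg") != expected_alg:
        problems.append(f"alg is {header.get('alg')!r}, expected {expected_alg!r}")
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append(f"expired {int(now - exp)}s ago")
    return {"ok": not problems, "header": header, "claims": claims, "problems": problems}

def make_sample(claims: dict, alg: str = "RS256") -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg})}.{enc(claims)}.c2lnbmF0dXJl"

if __name__ == "__main__":
    token = make_sample({"exp": int(time.time()) - 60, "iss": "shift"})
    report = inspect_bearer("Bearer\n" + token, now=time.time())
    print(json.dumps(report, indent=2))
```

A token that passes these checks can still be rejected for reasons the payload does not show, such as a signature that does not match the `realm-public-key` configured in the adapter.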