11:20 a.m.
Hello everybody,
I'm struggling to implement a keycloak login from my Android app. What I
want to do is to simulate what a browser does (request a resource, be
redirected to keycloak login page and get an access token later on).
From what I've seen from the OAuth2 protocol, I need to firstly get the
authorization code and later on request the access token with that code.
I wouldn't like my Android app to be registered as a client itself, so
I've registered my web service as public.
Here I start the intent to launch the Android browser pointing to the
keycloak authorization address (/openid-connect/auth):
Intent i = new Intent(Intent.ACTION_VIEW,
Uri.parse("http://192.168.0.230:8080/auth/realms/master/protocol/" +
"openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=android://app"));
startActivity(i);
When I enter the credentials successfully, I'm given a code in the
redirection url, coming back to my app:
Uri data = getIntent().getData();
if (data != null) {
String accessCode= data.getQueryParameter("code");
System.out.println("Authorization code:" + accessCode);
}
The code looks like
bC8OM0TwfbhYouM34M3RY2aZRYTywXZVAvKFABgvVRc.693363de-d6b5-4f88-b545-c6603023ee4c
Then I would like to get an access token with that code! I use a Rest
Template for that, making a POST request to the /openid-connect/token
endpoint:
ResponseEntity rssResponse = template.exchange(
"http://192.168.0.230:8080/auth/realms/master/protocol/" +
"openid-connect/token?grant_type=authoritation_code&client_id=web_service&code="+accessCode,
HttpMethod.POST,
null,
Object.class);
However, I'm given a 401 unauthorized exception. What am I doing wrong?
Thanks in advanced ;-)
--
Aritz Maeztu Otaño
Departamento Desarrollo de Software
<https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
<http://www.tesicnor.com>
Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf.: 948 21 40 40
Fax.: 948 21 40 41
Antes de imprimir este e-mail piense bien si es necesario hacerlo: El
medioambiente es cosa de todos.
12:22 p.m.
Sadly we've got no one on the team that are clued up on mobile development.
However, the AeroGear guys they know all about it, so take a look at
https://aerogear.org/docs/guides/security/oauth2-guide/ they have OAuth2
adapters that work with Keycloak.
On 13 January 2016 at 18:20, Aritz Maeztu <amaeztu(a)tesicnor.com> wrote:
Hello everybody,
I'm struggling to implement a keycloak login from my Android app. What I
want to do is to simulate what a browser does (request a resource, be
redirected to keycloak login page and get an access token later on). From
what I've seen from the OAuth2 protocol, I need to firstly get the
authorization code and later on request the access token with that code. I
wouldn't like my Android app to be registered as a client itself, so I've
registered my web service as public.
Here I start the intent to launch the Android browser pointing to the
keycloak authorization address (/openid-connect/auth):
Intent i = new Intent(Intent.ACTION_VIEW, Uri.parse(
"http://192.168.0.230:8080/auth/realms/master/protocol/"
<http://192.168.0.230:8080/auth/realms/master/protocol/> +
"openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=android://app"));
startActivity(i);
When I enter the credentials successfully, I'm given a code in the
redirection url, coming back to my app:
Uri data = getIntent().getData();
if (data != null) {
String accessCode= data.getQueryParameter("code");
System.out.println("Authorization code:" + accessCode);
}
The code looks like
bC8OM0TwfbhYouM34M3RY2aZRYTywXZVAvKFABgvVRc.693363de-d6b5-4f88-b545-c6603023ee4c
Then I would like to get an access token with that code! I use a Rest
Template for that, making a POST request to the /openid-connect/token
endpoint:
ResponseEntity rssResponse = template.exchange(
"http://192.168.0.230:8080/auth/realms/master/protocol/"
<http://192.168.0.230:8080/auth/realms/master/protocol/> +
"openid-connect/token?grant_type=authoritation_code&client_id=web_service&code="+accessCode,
HttpMethod.POST,
null,
Object.class);
However, I'm given a 401 unauthorized exception. What am I doing wrong?
Thanks in advanced ;-)
--
Aritz Maeztu Otaño
Departamento Desarrollo de Software
<https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
<http://www.tesicnor.com>
Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf.: 948 21 40 40
Fax.: 948 21 40 41
Antes de imprimir este e-mail piense bien si es necesario hacerlo: El
medioambiente es cosa de todos.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
4:43 p.m.
Looks like you’re close. Did you make your Android client (in Keycloak) public or private?
There’s a slight difference in how the code to token request is invoked depending on
this.
Private client’s must authenticate to the token endpoint with HTTP basic authentication,
public clients set the client ID as a form parameter.
See:
https://github.com/keycloak/keycloak/blob/1.7.x/integration/adapter-core/...
See:
https://github.com/keycloak/keycloak/blob/1.7.x/integration/admin-client/...
Scott Rossillo
Smartling | Senior Software Engineer
srossillo(a)smartling.com
<https://app.sigstr.com/uc/55e5d41c6533390d03580000>
<http://www.sigstr.com/>
On Jan 13, 2016, at 12:20 PM, Aritz Maeztu
<amaeztu(a)tesicnor.com> wrote:
Hello everybody,
I'm struggling to implement a keycloak login from my Android app. What I want to do
is to simulate what a browser does (request a resource, be redirected to keycloak login
page and get an access token later on). From what I've seen from the OAuth2 protocol,
I need to firstly get the authorization code and later on request the access token with
that code. I wouldn't like my Android app to be registered as a client itself, so
I've registered my web service as public.
Here I start the intent to launch the Android browser pointing to the keycloak
authorization address (/openid-connect/auth):
Intent i = new Intent(Intent.ACTION_VIEW,
Uri.parse("http://192.168.0.230:8080/auth/realms/master/protocol/"
<http://192.168.0.230:8080/auth/realms/master/protocol/> +
"openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=android://app"));
startActivity(i);
When I enter the credentials successfully, I'm given a code in the redirection url,
coming back to my app:
Uri data = getIntent().getData();
if (data != null) {
String accessCode= data.getQueryParameter("code");
System.out.println("Authorization code:" + accessCode);
}
The code looks like
bC8OM0TwfbhYouM34M3RY2aZRYTywXZVAvKFABgvVRc.693363de-d6b5-4f88-b545-c6603023ee4c
Then I would like to get an access token with that code! I use a Rest Template for that,
making a POST request to the /openid-connect/token endpoint:
ResponseEntity rssResponse = template.exchange(
"http://192.168.0.230:8080/auth/realms/master/protocol/"
<http://192.168.0.230:8080/auth/realms/master/protocol/> +
"openid-connect/token?grant_type=authoritation_code&client_id=web_service&code="+accessCode,
HttpMethod.POST,
null,
Object.class);
However, I'm given a 401 unauthorized exception. What am I doing wrong? Thanks in
advanced ;-)
--
Aritz Maeztu Otaño
Departamento Desarrollo de Software <linkdin.gif>
<https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
<logo.png> <http://www.tesicnor.com/>
Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf.: 948 21 40 40
Fax.: 948 21 40 41
Antes de imprimir este e-mail piense bien si es necesario hacerlo: El medioambiente es
cosa de todos. _______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
4:08 a.m.
On Wed, Jan 13, 2016 at 6:20 PM, Aritz Maeztu <amaeztu(a)tesicnor.com> wrote:
ResponseEntity rssResponse = template.exchange(
"http://192.168.0.230:8080/auth/realms/master/protocol/"
<http://192.168.0.230:8080/auth/realms/master/protocol/> +
"openid-connect/token?grant_type=authoritation_code&client_id=web_service&code="+accessCode,
HttpMethod.POST,
null,
Object.class);
It also looks like you have a typo in your URL. It should be:
grant_type=authorization_code.
And also I would suggest not to use master realm for your app, but create a
new realm. Even for development.
9:29 a.m.
Many thanks to all of you for the help. I'm so close to achieve it, so I
need some last tip (and think you can do even about not to have mobile
knowledge). That's the steps I've followed to authenticate a user in a
public client in the Android app:
1- Launch a browser app pointing to keycloak's authorization site for
the client:
Intent i = new Intent(Intent.ACTION_VIEW,
Uri.parse("http://192.168.0.230:8080/auth/realms/master/protocol/" +
"openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=android://app"));
startActivity(i);
2- Retrieve the authorization code when coming back to my app and ask
for an access token:
RestTemplate template = new RestTemplate();
template.getMessageConverters().add(new
FormHttpMessageConverter());
template.getMessageConverters().add(new
MappingJackson2HttpMessageConverter());
MultiValueMap<String, String> form = new
LinkedMultiValueMap<>();
form.add("grant_type", "authorization_code");
form.add("client_id", "edge");
form.add("code", accessCode);
form.add("redirect_uri", "tcheck://app");
ResponseEntity rssResponse = template.postForEntity(
"http://192.168.0.230:8080/auth/realms/master/protocol/openid-connect/token",
form,
AccessToken.class);
I'm passing the parameters in the request body as x-www-form-urlencoded
and it works. I do get an access token, with this format:
{
"access_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5OTEzYmRjOS1jZmI0LTRlZjAtYTcxYy0yYWUwYmQ3MTkwZDkiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJlZGdlIiwic2Vzc2lvbl9zdGF0ZSI6IjdkZDVhZDdiLWQwYWItNGZiYS1iOWNiLWYzNjYxYTk5NGU3OSIsImNsaWVudF9zZXNzaW9uIjoiZDg2MzY1NjctMzg2MS00NjU5LTg0ZjItMDZjYmM5YTI3YTU1IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlNVUEVSX0FETUlOIiwiY3JlYXRlLXJlYWxtIiwiVklFV19PUkdBTklaQVRJT04iLCJST0xFX1RDSEVDS19TVVBFUl9BRE1JTiIsIlJPTEVfVENIRUNLX0FETUlOIiwiYWRtaW4iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwidmlldy1ldmVudHMiLCJjcmVhdGUtY2xpZW50IiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGllbnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.GMoAPe9aUQBRign5J0TvOt4tg1SWwyfJkvJjuWDZ_Ayj3GBnFjhgbjb5qLreKsm87NHymPcpvCv7uHkKJRsx44TjC0514O0oBSiVIiKfcJdbE-y7nPplzYAJF6I2JlsQkw9Na67vNSvhsBNg6AfBop4xpAF9HtTU7Ca7gFwOS01bgDRO09WlJYivzOd5t-vQGNwRVlTqaCstIMiBLaUfdkc82DNQwnoP5VO9R7xZn-7O5BE288_CX0C2V96_vooIoTbB3Qoa-gV6f3s6ZSyJnRGBgoe_2QY3mjCBarFQ_mKH_sbF2qMpm-a5igoNoD_3Xlc7iluP206ZJdQn4NZdQg",
"expires_in" : 60,
"refresh_expires_in" : 1800,
"refresh_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkOTBmNzY5Ni00NDIwLTQ3NDUtYmQ3NS01Y2Q4MDNlMWY0YjQiLCJleHAiOjE0NTI3NzY3ODQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6bnVsbCwic3ViIjoiYTcxNDcwMTUtMzVjNi00YWVhLWIzYzgtYTU2NWU0OWI3MmQ5IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImVkZ2UiLCJzZXNzaW9uX3N0YXRlIjoiN2RkNWFkN2ItZDBhYi00ZmJhLWI5Y2ItZjM2NjFhOTk0ZTc5IiwiY2xpZW50X3Nlc3Npb24iOiJkODYzNjU2Ny0zODYxLTQ2NTktODRmMi0wNmNiYzlhMjdhNTUiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiU1VQRVJfQURNSU4iLCJjcmVhdGUtcmVhbG0iLCJWSUVXX09SR0FOSVpBVElPTiIsIlJPTEVfVENIRUNLX1NVUEVSX0FETUlOIiwiUk9MRV9UQ0hFQ0tfQURNSU4iLCJhZG1pbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7Im1hc3Rlci1yZWFsbSI6eyJyb2xlcyI6WyJtYW5hZ2UtZXZlbnRzIiwidmlldy1yZWFsbSIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsImltcGVyc29uYXRpb24iLCJ2aWV3LWV2ZW50cyIsImNyZWF0ZS1jbGllbnQiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.OZkivKxU1HJecrqKb1KDSabakruHJLUaUpNOy_DY7UW1R-4Qv6kLnPy_3soeRPP0FwYNrjzNMw94S-naE8JNCD91LqTTEyJ6o6q_1LDiDbVbfsKeyRkJDZDAbHUYtY-r35z_21SqdHxzzMcero6DoCpFaGOZZFQ86FZD7NiRE3oVzCIz1VJAFBIsSjH0W5_UQa2CEEIOxDanPnhbtdB8XZ6oQeKPB15AvobCgukvWcDufmCeJpUMcIjaTcnBdXRz6MIOp6VjQ5SyqJzn7jja8ILs3zEd8eeocAIix8Gv1CRs6PWBtWZJDss_fh4A8R2guKRBcFwQIeoncFgQeFeaoA",
"token_type" : "bearer",
"id_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0OTUyOGQxNS1kZmEyLTQ1YTUtYjJiYy1hNzZhY2E2M2IwYjEiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJJRCIsImF6cCI6ImVkZ2UiLCJzZXNzaW9uX3N0YXRlIjoiN2RkNWFkN2ItZDBhYi00ZmJhLWI5Y2ItZjM2NjFhOTk0ZTc5IiwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.yOs1HGLQyV33ihDIzL4CiKlKj58zlZzNpJizOlWXg59DkdnL1W5RIT4-Jw5VToy267gWv1o0XIwI2oCVHjbaXKgWZzt7NlVdGnNyGL19VQUPlISlMyyoOhaBGufC4JycQ6BrQh0fnMYUVQOvGE6HGnVwUbrLHiVL579AVhUSmVZ052fzN4VySpm03L7eQBt6BTKMo_7fmL39WvdwY2gEhoi6rz2P8cXp8vbidwqb4nNF7C1wfM7GYgbO-1yaMq_c4JiOoga9YswD68XvKpjjwVZs2WvHpvwZrQjfiqa6EtxkTeRYncMW-RutB8P09wJ3WRaBooDreVBMFB2Tw6nWnQ",
"not-before-policy" : 1452694301,
"session-state" : "7dd5ad7b-d0ab-4fba-b9cb-f3661a994e79"
}
I now finally want to access some resource. As docs state, the only
thing I want to do is to pass that access token in the Authorization
header, starting with the Bearer keyword:
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization", "Bearer " +
token.getToken());
HttpEntity<String> entity = new
HttpEntity<>("parameters",
headers);
ResponseEntity rssResponse = template.exchange(
"http://192.168.0.230:8765/organization/organizations",
HttpMethod.GET,
entity,
OrganizationExchangeSet.class);
But I get 401 Unauthorized from keycloak. If I do the GET request using
Postman, I get the Unauthorized code too:
Request:
/Url:/
http://192.168.0.230:8765/organization/organizations
/Headers:/
Authorization: Bearer
eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5OTEzYmRjOS1jZmI0LTRlZjAtYTcxYy0yYWUwYmQ3MTkwZDkiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJlZGdlIiwic2Vzc2lvbl9zdGF0ZSI6IjdkZDVhZDdiLWQwYWItNGZiYS1iOWNiLWYzNjYxYTk5NGU3OSIsImNsaWVudF9zZXNzaW9uIjoiZDg2MzY1NjctMzg2MS00NjU5LTg0ZjItMDZjYmM5YTI3YTU1IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlNVUEVSX0FETUlOIiwiY3JlYXRlLXJlYWxtIiwiVklFV19PUkdBTklaQVRJT04iLCJST0xFX1RDSEVDS19TVVBFUl9BRE1JTiIsIlJPTEVfVENIRUNLX0FETUlOIiwiYWRtaW4iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwidmlldy1ldmVudHMiLCJjcmVhdGUtY2xpZW50IiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGllbnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.GMoAPe9aUQBRign5J0TvOt4tg1SWwyfJkvJjuWDZ_Ayj3GBnFjhgbjb5qLreKsm87NHymPcpvCv7uHkKJRsx44TjC0514O0oBSiVIiKfcJdbE-y7nPplzYAJF6I2JlsQkw9Na67vNSvhsBNg6AfBop4xpAF9HtTU7Ca7gFwOS01bgDRO09WlJYivzOd5t-vQGNwRVlTqaCstIMiBLaUfdkc82DNQwnoP5VO9R7xZn-7O5BE288_CX0C2V96_vooIoTbB3Qoa-gV6f3s6ZSyJnRGBgoe_2QY3mjCBarFQ_mKH_sbF2qMpm-a5igoNoD_3Xlc7iluP206ZJdQn4NZdQg
/Response:/
{
"timestamp": 1452784544622,
"status": 401,
"error": "Unauthorized",
"message": "Unable to authenticate bearer token",
"path": "/organization/organizations"
}
How to solve this?
--
Aritz Maeztu Otaño
Departamento Desarrollo de Software
<https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
<http://www.tesicnor.com>
Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf.: 948 21 40 40
Fax.: 948 21 40 41
Antes de imprimir este e-mail piense bien si es necesario hacerlo: El
medioambiente es cosa de todos.
9:38 a.m.
Hi,
I tried this code some months ago and managed to login from Android.
https://github.com/learning-layers/android-openid-connect
Cheers,
On 01/14/2016 04:29 PM, Aritz Maeztu wrote:
Many thanks to all of you for the help. I'm so close to achieve
it, so I
need some last tip (and think you can do even about not to have mobile
knowledge). That's the steps I've followed to authenticate a user in a
public client in the Android app:
1- Launch a browser app pointing to keycloak's authorization site for
the client:
Intent i = new Intent(Intent.ACTION_VIEW,
Uri.parse("http://192.168.0.230:8080/auth/realms/master/protocol/" +
"openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=android://app"));
startActivity(i);
2- Retrieve the authorization code when coming back to my app and ask
for an access token:
RestTemplate template = new RestTemplate();
template.getMessageConverters().add(new
FormHttpMessageConverter());
template.getMessageConverters().add(new
MappingJackson2HttpMessageConverter());
MultiValueMap<String, String> form = new
LinkedMultiValueMap<>();
form.add("grant_type", "authorization_code");
form.add("client_id", "edge");
form.add("code", accessCode);
form.add("redirect_uri", "tcheck://app");
ResponseEntity rssResponse = template.postForEntity(
"http://192.168.0.230:8080/auth/realms/master/protocol/openid-connect/token",
form,
AccessToken.class);
I'm passing the parameters in the request body as x-www-form-urlencoded
and it works. I do get an access token, with this format:
{
"access_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5OTEzYmRjOS1jZmI0LTRlZjAtYTcxYy0yYWUwYmQ3MTkwZDkiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJlZGdlIiwic2Vzc2lvbl9zdGF0ZSI6IjdkZDVhZDdiLWQwYWItNGZiYS1iOWNiLWYzNjYxYTk5NGU3OSIsImNsaWVudF9zZXNzaW9uIjoiZDg2MzY1NjctMzg2MS00NjU5LTg0ZjItMDZjYmM5YTI3YTU1IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlNVUEVSX0FETUlOIiwiY3JlYXRlLXJlYWxtIiwiVklFV19PUkdBTklaQVRJT04iLCJST0xFX1RDSEVDS19TVVBFUl9BRE1JTiIsIlJPTEVfVENIRUNLX0FETUlOIiwiYWRtaW4iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwidmlldy1ldmVudHMiLCJjcmVhdGUtY2xpZW50IiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmF!
nZS1jbGl
lbnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.GMoAPe9aUQBRign5J0TvOt4tg1SWwyfJkvJjuWDZ_Ayj3GBnFjhgbjb5qLreKsm87NHymPcpvCv7uHkKJRsx44TjC0514O0oBSiVIiKfcJdbE-y7nPplzYAJF6I2JlsQkw9Na67vNSvhsBNg6AfBop4xpAF9HtTU7Ca7gFwOS01bgDRO09WlJYivzOd5t-vQGNwRVlTqaCstIMiBLaUfdkc82DNQwnoP5VO9R7xZn-7O5BE288_CX0C2V96_vooIoTbB3Qoa-gV6f3s6ZSyJnRGBgoe_2QY3mjCBarFQ_mKH_sbF2qMpm-a5igoNoD_3Xlc7iluP206ZJdQn4NZdQg",
"expires_in" : 60,
"refresh_expires_in" : 1800,
"refresh_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkOTBmNzY5Ni00NDIwLTQ3NDUtYmQ3NS01Y2Q4MDNlMWY0YjQiLCJleHAiOjE0NTI3NzY3ODQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6bnVsbCwic3ViIjoiYTcxNDcwMTUtMzVjNi00YWVhLWIzYzgtYTU2NWU0OWI3MmQ5IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImVkZ2UiLCJzZXNzaW9uX3N0YXRlIjoiN2RkNWFkN2ItZDBhYi00ZmJhLWI5Y2ItZjM2NjFhOTk0ZTc5IiwiY2xpZW50X3Nlc3Npb24iOiJkODYzNjU2Ny0zODYxLTQ2NTktODRmMi0wNmNiYzlhMjdhNTUiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiU1VQRVJfQURNSU4iLCJjcmVhdGUtcmVhbG0iLCJWSUVXX09SR0FOSVpBVElPTiIsIlJPTEVfVENIRUNLX1NVUEVSX0FETUlOIiwiUk9MRV9UQ0hFQ0tfQURNSU4iLCJhZG1pbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7Im1hc3Rlci1yZWFsbSI6eyJyb2xlcyI6WyJtYW5hZ2UtZXZlbnRzIiwidmlldy1yZWFsbSIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsImltcGVyc29uYXRpb24iLCJ2aWV3LWV2ZW50cyIsImNyZWF0ZS1jbGllbnQiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sImFjY291bnQ!
iOnsicm9
sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.OZkivKxU1HJecrqKb1KDSabakruHJLUaUpNOy_DY7UW1R-4Qv6kLnPy_3soeRPP0FwYNrjzNMw94S-naE8JNCD91LqTTEyJ6o6q_1LDiDbVbfsKeyRkJDZDAbHUYtY-r35z_21SqdHxzzMcero6DoCpFaGOZZFQ86FZD7NiRE3oVzCIz1VJAFBIsSjH0W5_UQa2CEEIOxDanPnhbtdB8XZ6oQeKPB15AvobCgukvWcDufmCeJpUMcIjaTcnBdXRz6MIOp6VjQ5SyqJzn7jja8ILs3zEd8eeocAIix8Gv1CRs6PWBtWZJDss_fh4A8R2guKRBcFwQIeoncFgQeFeaoA",
"token_type" : "bearer",
"id_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0OTUyOGQxNS1kZmEyLTQ1YTUtYjJiYy1hNzZhY2E2M2IwYjEiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJJRCIsImF6cCI6ImVkZ2UiLCJzZXNzaW9uX3N0YXRlIjoiN2RkNWFkN2ItZDBhYi00ZmJhLWI5Y2ItZjM2NjFhOTk0ZTc5IiwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.yOs1HGLQyV33ihDIzL4CiKlKj58zlZzNpJizOlWXg59DkdnL1W5RIT4-Jw5VToy267gWv1o0XIwI2oCVHjbaXKgWZzt7NlVdGnNyGL19VQUPlISlMyyoOhaBGufC4JycQ6BrQh0fnMYUVQOvGE6HGnVwUbrLHiVL579AVhUSmVZ052fzN4VySpm03L7eQBt6BTKMo_7fmL39WvdwY2gEhoi6rz2P8cXp8vbidwqb4nNF7C1wfM7GYgbO-1yaMq_c4JiOoga9YswD68XvKpjjwVZs2WvHpvwZrQjfiqa6EtxkTeRYncMW-RutB8P09wJ3WRaBooDreVBMFB2Tw6nWnQ",
"not-before-policy" : 1452694301,
"session-state" : "7dd5ad7b-d0ab-4fba-b9cb-f3661a994e79"
}
I now finally want to access some resource. As docs state, the only
thing I want to do is to pass that access token in the Authorization
header, starting with the Bearer keyword:
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization", "Bearer " +
token.getToken());
HttpEntity<String> entity = new
HttpEntity<>("parameters",
headers);
ResponseEntity rssResponse = template.exchange(
"http://192.168.0.230:8765/organization/organizations",
HttpMethod.GET,
entity,
OrganizationExchangeSet.class);
But I get 401 Unauthorized from keycloak. If I do the GET request using
Postman, I get the Unauthorized code too:
Request:
/Url:/
http://192.168.0.230:8765/organization/organizations
/Headers:/
Authorization: Bearer
eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5OTEzYmRjOS1jZmI0LTRlZjAtYTcxYy0yYWUwYmQ3MTkwZDkiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJlZGdlIiwic2Vzc2lvbl9zdGF0ZSI6IjdkZDVhZDdiLWQwYWItNGZiYS1iOWNiLWYzNjYxYTk5NGU3OSIsImNsaWVudF9zZXNzaW9uIjoiZDg2MzY1NjctMzg2MS00NjU5LTg0ZjItMDZjYmM5YTI3YTU1IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlNVUEVSX0FETUlOIiwiY3JlYXRlLXJlYWxtIiwiVklFV19PUkdBTklaQVRJT04iLCJST0xFX1RDSEVDS19TVVBFUl9BRE1JTiIsIlJPTEVfVENIRUNLX0FETUlOIiwiYWRtaW4iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwidmlldy1ldmVudHMiLCJjcmVhdGUtY2xpZW50IiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFn!
ZS1jbGll
bnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.GMoAPe9aUQBRign5J0TvOt4tg1SWwyfJkvJjuWDZ_Ayj3GBnFjhgbjb5qLreKsm87NHymPcpvCv7uHkKJRsx44TjC0514O0oBSiVIiKfcJdbE-y7nPplzYAJF6I2JlsQkw9Na67vNSvhsBNg6AfBop4xpAF9HtTU7Ca7gFwOS01bgDRO09WlJYivzOd5t-vQGNwRVlTqaCstIMiBLaUfdkc82DNQwnoP5VO9R7xZn-7O5BE288_CX0C2V96_vooIoTbB3Qoa-gV6f3s6ZSyJnRGBgoe_2QY3mjCBarFQ_mKH_sbF2qMpm-a5igoNoD_3Xlc7iluP206ZJdQn4NZdQg
/Response:/
{
"timestamp": 1452784544622,
"status": 401,
"error": "Unauthorized",
"message": "Unable to authenticate bearer token",
"path": "/organization/organizations"
}
How to solve this?
--
Aritz Maeztu Otaño
Departamento Desarrollo de Software
<https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
<http://www.tesicnor.com>
Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf.: 948 21 40 40
Fax.: 948 21 40 41
Antes de imprimir este e-mail piense bien si es necesario hacerlo: El
medioambiente es cosa de todos.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Iván
10:27 a.m.
Is the adapter for your 'organization' REST endpoint properly
configured to use 'master' realm and 'edge' client?
The keycloak.json config file in your organisation.war (or keycloak
subsystem configuration) has to match that of 'edge' client
configuration in your 'master' realm on Keycloak server.
On Thu, Jan 14, 2016 at 4:38 PM, Iván Perdomo <ivan(a)akvo.org> wrote:
Hi,
I tried this code some months ago and managed to login from Android.
https://github.com/learning-layers/android-openid-connect
Cheers,
On 01/14/2016 04:29 PM, Aritz Maeztu wrote:
> Many thanks to all of you for the help. I'm so close to achieve it, so I
> need some last tip (and think you can do even about not to have mobile
> knowledge). That's the steps I've followed to authenticate a user in a
> public client in the Android app:
>
> 1- Launch a browser app pointing to keycloak's authorization site for
> the client:
>
> Intent i = new Intent(Intent.ACTION_VIEW,
> Uri.parse("http://192.168.0.230:8080/auth/realms/master/protocol/" +
>
>
"openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=android://app"));
> startActivity(i);
>
> 2- Retrieve the authorization code when coming back to my app and ask
> for an access token:
>
> RestTemplate template = new RestTemplate();
> template.getMessageConverters().add(new
> FormHttpMessageConverter());
> template.getMessageConverters().add(new
> MappingJackson2HttpMessageConverter());
> MultiValueMap<String, String> form = new
> LinkedMultiValueMap<>();
> form.add("grant_type", "authorization_code");
> form.add("client_id", "edge");
> form.add("code", accessCode);
> form.add("redirect_uri", "tcheck://app");
> ResponseEntity rssResponse = template.postForEntity(
>
>
"http://192.168.0.230:8080/auth/realms/master/protocol/openid-connect/token",
> form,
> AccessToken.class);
>
> I'm passing the parameters in the request body as x-www-form-urlencoded
> and it works. I do get an access token, with this format:
>
> {
> "access_token" :
>
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5OTEzYmRjOS1jZmI0LTRlZjAtYTcxYy0yYWUwYmQ3MTkwZDkiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJlZGdlIiwic2Vzc2lvbl9zdGF0ZSI6IjdkZDVhZDdiLWQwYWItNGZiYS1iOWNiLWYzNjYxYTk5NGU3OSIsImNsaWVudF9zZXNzaW9uIjoiZDg2MzY1NjctMzg2MS00NjU5LTg0ZjItMDZjYmM5YTI3YTU1IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlNVUEVSX0FETUlOIiwiY3JlYXRlLXJlYWxtIiwiVklFV19PUkdBTklaQVRJT04iLCJST0xFX1RDSEVDS19TVVBFUl9BRE1JTiIsIlJPTEVfVENIRUNLX0FETUlOIiwiYWRtaW4iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwidmlldy1ldmVudHMiLCJjcmVhdGUtY2xpZW50IiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmF!
> nZS1jbGl
>
lbnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.GMoAPe9aUQBRign5J0TvOt4tg1SWwyfJkvJjuWDZ_Ayj3GBnFjhgbjb5qLreKsm87NHymPcpvCv7uHkKJRsx44TjC0514O0oBSiVIiKfcJdbE-y7nPplzYAJF6I2JlsQkw9Na67vNSvhsBNg6AfBop4xpAF9HtTU7Ca7gFwOS01bgDRO09WlJYivzOd5t-vQGNwRVlTqaCstIMiBLaUfdkc82DNQwnoP5VO9R7xZn-7O5BE288_CX0C2V96_vooIoTbB3Qoa-gV6f3s6ZSyJnRGBgoe_2QY3mjCBarFQ_mKH_sbF2qMpm-a5igoNoD_3Xlc7iluP206ZJdQn4NZdQg",
> "expires_in" : 60,
> "refresh_expires_in" : 1800,
> "refresh_token" :
>
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkOTBmNzY5Ni00NDIwLTQ3NDUtYmQ3NS01Y2Q4MDNlMWY0YjQiLCJleHAiOjE0NTI3NzY3ODQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6bnVsbCwic3ViIjoiYTcxNDcwMTUtMzVjNi00YWVhLWIzYzgtYTU2NWU0OWI3MmQ5IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImVkZ2UiLCJzZXNzaW9uX3N0YXRlIjoiN2RkNWFkN2ItZDBhYi00ZmJhLWI5Y2ItZjM2NjFhOTk0ZTc5IiwiY2xpZW50X3Nlc3Npb24iOiJkODYzNjU2Ny0zODYxLTQ2NTktODRmMi0wNmNiYzlhMjdhNTUiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiU1VQRVJfQURNSU4iLCJjcmVhdGUtcmVhbG0iLCJWSUVXX09SR0FOSVpBVElPTiIsIlJPTEVfVENIRUNLX1NVUEVSX0FETUlOIiwiUk9MRV9UQ0hFQ0tfQURNSU4iLCJhZG1pbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7Im1hc3Rlci1yZWFsbSI6eyJyb2xlcyI6WyJtYW5hZ2UtZXZlbnRzIiwidmlldy1yZWFsbSIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsImltcGVyc29uYXRpb24iLCJ2aWV3LWV2ZW50cyIsImNyZWF0ZS1jbGllbnQiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sImFjY291bnQ!
> iOnsicm9
>
sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.OZkivKxU1HJecrqKb1KDSabakruHJLUaUpNOy_DY7UW1R-4Qv6kLnPy_3soeRPP0FwYNrjzNMw94S-naE8JNCD91LqTTEyJ6o6q_1LDiDbVbfsKeyRkJDZDAbHUYtY-r35z_21SqdHxzzMcero6DoCpFaGOZZFQ86FZD7NiRE3oVzCIz1VJAFBIsSjH0W5_UQa2CEEIOxDanPnhbtdB8XZ6oQeKPB15AvobCgukvWcDufmCeJpUMcIjaTcnBdXRz6MIOp6VjQ5SyqJzn7jja8ILs3zEd8eeocAIix8Gv1CRs6PWBtWZJDss_fh4A8R2guKRBcFwQIeoncFgQeFeaoA",
> "token_type" : "bearer",
> "id_token" :
>
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0OTUyOGQxNS1kZmEyLTQ1YTUtYjJiYy1hNzZhY2E2M2IwYjEiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJJRCIsImF6cCI6ImVkZ2UiLCJzZXNzaW9uX3N0YXRlIjoiN2RkNWFkN2ItZDBhYi00ZmJhLWI5Y2ItZjM2NjFhOTk0ZTc5IiwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.yOs1HGLQyV33ihDIzL4CiKlKj58zlZzNpJizOlWXg59DkdnL1W5RIT4-Jw5VToy267gWv1o0XIwI2oCVHjbaXKgWZzt7NlVdGnNyGL19VQUPlISlMyyoOhaBGufC4JycQ6BrQh0fnMYUVQOvGE6HGnVwUbrLHiVL579AVhUSmVZ052fzN4VySpm03L7eQBt6BTKMo_7fmL39WvdwY2gEhoi6rz2P8cXp8vbidwqb4nNF7C1wfM7GYgbO-1yaMq_c4JiOoga9YswD68XvKpjjwVZs2WvHpvwZrQjfiqa6EtxkTeRYncMW-RutB8P09wJ3WRaBooDreVBMFB2Tw6nWnQ",
> "not-before-policy" : 1452694301,
> "session-state" : "7dd5ad7b-d0ab-4fba-b9cb-f3661a994e79"
> }
>
> I now finally want to access some resource. As docs state, the only
> thing I want to do is to pass that access token in the Authorization
> header, starting with the Bearer keyword:
>
> HttpHeaders headers = new HttpHeaders();
> headers.set("Authorization", "Bearer " +
token.getToken());
> HttpEntity<String> entity = new
HttpEntity<>("parameters",
> headers);
> ResponseEntity rssResponse = template.exchange(
>
"http://192.168.0.230:8765/organization/organizations",
> HttpMethod.GET,
> entity,
> OrganizationExchangeSet.class);
>
> But I get 401 Unauthorized from keycloak. If I do the GET request using
> Postman, I get the Unauthorized code too:
>
> Request:
>
> /Url:/
>
> http://192.168.0.230:8765/organization/organizations
>
> /Headers:/
>
> Authorization: Bearer
>
eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5OTEzYmRjOS1jZmI0LTRlZjAtYTcxYy0yYWUwYmQ3MTkwZDkiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJlZGdlIiwic2Vzc2lvbl9zdGF0ZSI6IjdkZDVhZDdiLWQwYWItNGZiYS1iOWNiLWYzNjYxYTk5NGU3OSIsImNsaWVudF9zZXNzaW9uIjoiZDg2MzY1NjctMzg2MS00NjU5LTg0ZjItMDZjYmM5YTI3YTU1IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlNVUEVSX0FETUlOIiwiY3JlYXRlLXJlYWxtIiwiVklFV19PUkdBTklaQVRJT04iLCJST0xFX1RDSEVDS19TVVBFUl9BRE1JTiIsIlJPTEVfVENIRUNLX0FETUlOIiwiYWRtaW4iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwidmlldy1ldmVudHMiLCJjcmVhdGUtY2xpZW50IiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFn!
> ZS1jbGll
>
bnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.GMoAPe9aUQBRign5J0TvOt4tg1SWwyfJkvJjuWDZ_Ayj3GBnFjhgbjb5qLreKsm87NHymPcpvCv7uHkKJRsx44TjC0514O0oBSiVIiKfcJdbE-y7nPplzYAJF6I2JlsQkw9Na67vNSvhsBNg6AfBop4xpAF9HtTU7Ca7gFwOS01bgDRO09WlJYivzOd5t-vQGNwRVlTqaCstIMiBLaUfdkc82DNQwnoP5VO9R7xZn-7O5BE288_CX0C2V96_vooIoTbB3Qoa-gV6f3s6ZSyJnRGBgoe_2QY3mjCBarFQ_mKH_sbF2qMpm-a5igoNoD_3Xlc7iluP206ZJdQn4NZdQg
>
> /Response:/
>
> {
> "timestamp": 1452784544622,
> "status": 401,
> "error": "Unauthorized",
> "message": "Unable to authenticate bearer token",
> "path": "/organization/organizations"
> }
>
> How to solve this?
>
>
> --
> Aritz Maeztu Otaño
> Departamento Desarrollo de Software
> <https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
> <http://www.tesicnor.com>
>
> Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
> Telf.: 948 21 40 40
> Fax.: 948 21 40 41
>
> Antes de imprimir este e-mail piense bien si es necesario hacerlo: El
> medioambiente es cosa de todos.
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Iván
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3289
days inactive
3290
days old
6 comments
5 participants
participants (5)
-
Aritz Maeztu -
Iván Perdomo -
Marko Strukelj -
Scott Rossillo -
Stian Thorgersen