There is a special URL in keycloak you can access appending /.well-known/openid-configuration to your realm URL. Eg: if your realm is InboxAuth and your base url is https://dev-idp03. inboxmarketer.net/auth , then it would be: https://dev-idp03.inboxmarketer.net/auth/realms/ InboxAuth/.well-known/openid-configuration It sounds like you are interested in the token_endpoint url displayed there. Regards, Federico On 15/06/18 20:53, &quot;keycloak-user-bounces(a)lists.jboss.org on behalf of Peter Awad" <keycloak-user-bounces(a)lists.jboss.org on behalf of pawad(a)inboxmarketer.com&gt; wrote: We are in the early stages of implementing keycloak and currently have a dev environment setup with keycloak 4.beta3 One of my dev teams is working on an API proxy with KrakenD but are struggling. I assumed that this was going to a bearer type and provided them with the following: { "realm": "InboxAuth", "bearer-only": true, "auth-server-url": "https://dev-idp03.inboxmarketer.net/auth", "ssl-required": "all", "resource": "insights-dev", "confidential-port": 0 } as well as a test user, clientId, secret and Reg Token However krakenD appears to want the following: ClientId - Got that. Client Secret - Got that. Token URL - auth server url does not seem to work here. Scopes - Got that. So I guess the real question is what should I be using for Token URL Thanks *Peter Awad* | Customer Success Specialist pawad(a)inboxmarketer.com T: 519.824.6664 x220 *To give real service you must add something which cannot be bought or measured with money, and that is sincerity and integrity.* ~ Douglas Adams _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user