[keycloak-dev] Allow bearer-only clients to have service accounts

Stian Thorgersen sthorger at redhat.com
Wed Jan 4 00:46:22 EST 2017

Currently a bearer-only client can't have a service account and that seems
like a mistake. Further, this prevents bearer-only clients from using the
authorization services.

Are there any good reasons why bearer-only clients can't have service
accounts and be able to obtain a token using the client credential grant?

The only thing a bearer-only client should be prevented from doing IMO is
authenticate users (authorization code flow and resource owner credential
