[keycloak-dev] Accessing Token Endpoint with a User access token to get Permissions

Pedro Igor Silva psilva at redhat.com
Fri Jun 22 10:42:21 EDT 2018


Hi,

Are you sending the access token or ID token as a bearer? Could you give
more details on how you are obtaining the token?

On Wed, Jun 20, 2018 at 5:52 AM, Mark McGuigan <
Mark.McGuigan at 360globalnet.com> wrote:

> Hi,
>
> Apologies if this email is incorrectly posted.
>
> I'm using the newly released Keycloak 4 and I've been able to successfully
> get an access token for a user from an access code posted back to my
> application. This doesn't contain any permissions on the token (Rightly so,
> only roles)
> I'm now trying to get an RPT with permissions from the client
> application that reflect what the User is allowed to do.
>
> My request looks something like:
> POST /auth/realms/MyRealm/protocol/openid-connect/token HTTP/1.1
> Host: localhost:8080
> Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5c ...
> Content-Type: application/x-www-form-urlencoded
> Cache-Control: no-cache
> Postman-Token: 4054feaf-a9d7-48e2-99b6-eabc86bf8da5
>
> grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Auma-ticket&audience=MyClient&permission=Default+Resource
>
> Where the Bearer is the generated access_token. However I'm getting a
> response of:
>
> 500 Internal Server Error
> {
>     "error": "server_error",
>     "error_description": "Unexpected error while evaluating permissions"
> }
>
> And a stack trace of:
>
> Unexpected error while evaluating permissions: java.lang.RuntimeException: Error while reading attributes from security token.
>         at org.keycloak.authorization.common.KeycloakIdentity.<init>(KeycloakIdentity.java:139)
>         at org.keycloak.authorization.common.KeycloakIdentity.<init>(KeycloakIdentity.java:68)
>         at org.keycloak.authorization.authorization.AuthorizationTokenService.lambda$static$1(AuthorizationTokenService.java:124)
>         at org.keycloak.authorization.authorization.AuthorizationTokenService.createEvaluationContext(AuthorizationTokenService.java:311)
>         at org.keycloak.authorization.authorization.AuthorizationTokenService.authorize(AuthorizationTokenService.java:161)
>         at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.permissionGrant(TokenEndpoint.java:1124)
>         at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:190)
> .....
> Caused by: java.lang.NullPointerException
>         at org.keycloak.services.util.DefaultClientSessionContext.fromClientSessionScopeParameter(DefaultClientSessionContext.java:64)
>         at org.keycloak.authorization.common.KeycloakIdentity.<init>(KeycloakIdentity.java:123)
>
> Any ideas what I may be doing wrong? Any help appreciated.
>
> Regards,
>
> Mark
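A local check for the question asked in the reply above, as an added example that is not part of the original thread or of Keycloak's code: it reads the `typ` claim that Keycloak places in the token payload to tell an access token from an ID token, and rebuilds the form body of the UMA ticket request quoted in the thread. The helper names, the `MyApp` client and the sample tokens are constructed for illustration.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Payload "typ" values Keycloak sets, mapped to the kind of token.
KINDS = {"Bearer": "access", "ID": "id", "Refresh": "refresh", "Offline": "offline"}


def jwt_claims(token):
    """Decode the payload of a compact JWT WITHOUT verifying the signature.
    For local inspection only; never base an authorization decision on it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe(token, now=None):
    """Summarise what is about to be sent as the bearer credential."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    return {
        "kind": KINDS.get(claims.get("typ"), "unknown"),
        "azp": claims.get("azp"),  # client the token was issued to
        "expired": claims.get("exp", 0) <= now,
    }


def uma_ticket_body(audience, permission):
    """Form body for the UMA ticket grant shown in the thread."""
    return urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
        "audience": audience,
        "permission": permission,
    })


def make_sample(claims):
    """Constructed, unsigned token for the demo (not a real Keycloak token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    for typ in ("Bearer", "ID"):
        tok = make_sample({"typ": typ, "azp": "MyApp", "exp": 4102444800})
        print(typ, describe(tok))
    print(uma_ticket_body("MyClient", "Default Resource"))
```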