[keycloak-user] REST API - Bearer Exception
Bill Burke
bburke at redhat.com
Tue Jun 10 17:11:49 EDT 2014
You have to provide a user.
On 6/10/2014 5:05 PM, Rodrigo Sasaki wrote:
> I always forget that part.
>
> Do I always have to provide a user when I want to do this? Is it
> possible for an OAuth Client to authenticate based on name and client
> secret to get an access token?
>
>
> On Tue, Jun 10, 2014 at 5:22 PM, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
> You need to add a scope to "myclient" that allows "myclient" to ask
> for admin privileges.
>
>
> On 6/10/2014 4:14 PM, Rodrigo Sasaki wrote:
>
> Yes it had them, but it didn't work.
>
> When I tried generating the token with the client_id set to the
> security-admin-console application it worked fine.
>
> Is that the correct way to do this?
>
>
> On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>> wrote:
>
> Does rodrigosasaki have realm admin privileges? The role
> is under
> applications->myrealm-__management->realm-admin
>
> On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:
> > I'd like to manage users and roles, creating and
> updating them.
> >
> > I obtained a token like this:
> >
> > *POST /realms/myrealm/tokens/grants/__access*
> > *
> > *
> > *username: rodrigosasaki*
> > *password: password*
> > *client_id: myclient*
> > *client_secret: generated_secret*
> >
> > and I got a token back, but then I tried accessing the
> roles of the
> > realm on this URL
> >
> > /admin/realms/myrealm/roles
> >
> > And it says I'm not authorized to access this, I'd like
> to know what
> > roles or configuration I should create to be able to
> manipulate this
> > information, just as I do on the admin-console
> >
> >
> > On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen
> <stian at redhat.com <mailto:stian at redhat.com>
> <mailto:stian at redhat.com <mailto:stian at redhat.com>>
> > <mailto:stian at redhat.com <mailto:stian at redhat.com>
> <mailto:stian at redhat.com <mailto:stian at redhat.com>>>> wrote:
> >
> > To access the REST API you need to pass the token in
> the http
> > headers. How to obtain the token in the first place
> depends
> on the
> > type of the application you're trying to invoke the
> API from.
> Look
> > at the docs/examples that corresponds to the type of
> your app
> > (JavaScript, command-line, jax-rs, etc). You also
> need to
> make sure
> > the application/client has scope mappings on the
> required roles.
> >
> > ----- Original Message -----
> > > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com
> <mailto:rodrigopsasaki at gmail.com>
> <mailto:rodrigopsasaki at gmail.__com
> <mailto:rodrigopsasaki at gmail.com>>
> > <mailto:rodrigopsasaki at gmail.__com
> <mailto:rodrigopsasaki at gmail.com>
> <mailto:rodrigopsasaki at gmail.__com
> <mailto:rodrigopsasaki at gmail.com>>>>
> > > To: keycloak-user at lists.jboss.org
> <mailto:keycloak-user at lists.jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>
> > <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>>
> > > Sent: Monday, 9 June, 2014 12:59:41 PM
> > > Subject: [keycloak-user] REST API - Bearer Exception
> > >
> > > Hi,
> > >
> > > I'm trying to work with the Keycloak REST API, I
> logged
> into the
> > > administration console, and then tried accessing
> > /auth/admin/realms and got
> > > this exception:
> > >
> > > Failed executing GET /admin/realms:
> > > org.jboss.resteasy.spi.__UnauthorizedException:
> Bearer
> > >
> > > How should I build my request to be able to get a
> response? How
> > should I
> > > authenticate myself in this situation?
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > > _________________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> <mailto:keycloak-user at lists.jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>
>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>>
> > >
> https://lists.jboss.org/__mailman/listinfo/keycloak-user
> <https://lists.jboss.org/mailman/listinfo/keycloak-user>
> >
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
> >
> > _________________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> <mailto:keycloak-user at lists.jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>
> > https://lists.jboss.org/__mailman/listinfo/keycloak-user
> <https://lists.jboss.org/mailman/listinfo/keycloak-user>
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _________________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> <mailto:keycloak-user at lists.jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>
> https://lists.jboss.org/__mailman/listinfo/keycloak-user
> <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>
>
>
> --
> Rodrigo Sasaki
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
>
>
>
> --
> Rodrigo Sasaki
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list