[keycloak-user] REST API - Bearer Exception

Bill Burke bburke at redhat.com
Tue Jun 10 17:11:49 EDT 2014


You have to provide a user.

On 6/10/2014 5:05 PM, Rodrigo Sasaki wrote:
> I always forget that part.
>
> Do I always have to provide a user when I want to do this? Is it
> possible for an OAuth Client to authenticate based on name and client
> secret to get an access token?
>
>
> On Tue, Jun 10, 2014 at 5:22 PM, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
>     You need to add a scope to "myclient" that allows "myclient" to ask
>     for admin privileges.
>
>
>     On 6/10/2014 4:14 PM, Rodrigo Sasaki wrote:
>
>         Yes it had them, but it didn't work.
>
>         When I tried generating the token with the client_id set to the
>         security-admin-console application it worked fine.
>
>         Is that the correct way to do this?
>
>
>         On Tue, Jun 10, 2014 at 4:26 PM, Bill Burke <bburke at redhat.com
>         <mailto:bburke at redhat.com>
>         <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>> wrote:
>
>              Does rodrigosasaki have realm admin privileges?  The role
>         is under
>              applications->myrealm-__management->realm-admin
>
>              On 6/10/2014 3:02 PM, Rodrigo Sasaki wrote:
>               > I'd like to manage users and roles, creating and
>         updating them.
>               >
>               > I obtained a token like this:
>               >
>               > *POST /realms/myrealm/tokens/grants/__access*
>               > *
>               > *
>               > *username: rodrigosasaki*
>               > *password: password*
>               > *client_id: myclient*
>               > *client_secret: generated_secret*
>               >
>               > and I got a token back, but then I tried accessing the
>         roles of the
>               > realm on this URL
>               >
>               > /admin/realms/myrealm/roles
>               >
>               > And it says I'm not authorized to access this, I'd like
>         to know what
>               > roles or configuration I should create to be able to
>         manipulate this
>               > information, just as I do on the admin-console
>               >
>               >
>               > On Tue, Jun 10, 2014 at 10:16 AM, Stian Thorgersen
>              <stian at redhat.com <mailto:stian at redhat.com>
>         <mailto:stian at redhat.com <mailto:stian at redhat.com>>
>               > <mailto:stian at redhat.com <mailto:stian at redhat.com>
>         <mailto:stian at redhat.com <mailto:stian at redhat.com>>>> wrote:
>               >
>               >     To access the REST API you need to pass the token in
>         the http
>               >     headers. How to obtain the token in the first place
>         depends
>              on the
>               >     type of the application you're trying to invoke the
>         API from.
>              Look
>               >     at the docs/examples that corresponds to the type of
>         your app
>               >     (JavaScript, command-line, jax-rs, etc). You also
>         need to
>              make sure
>               >     the application/client has scope mappings on the
>         required roles.
>               >
>               >     ----- Original Message -----
>               >      > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com
>         <mailto:rodrigopsasaki at gmail.com>
>              <mailto:rodrigopsasaki at gmail.__com
>         <mailto:rodrigopsasaki at gmail.com>>
>               >     <mailto:rodrigopsasaki at gmail.__com
>         <mailto:rodrigopsasaki at gmail.com>
>              <mailto:rodrigopsasaki at gmail.__com
>         <mailto:rodrigopsasaki at gmail.com>>>>
>               >      > To: keycloak-user at lists.jboss.org
>         <mailto:keycloak-user at lists.jboss.org>
>              <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>
>               >     <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>
>              <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>>
>               >      > Sent: Monday, 9 June, 2014 12:59:41 PM
>               >      > Subject: [keycloak-user] REST API - Bearer Exception
>               >      >
>               >      > Hi,
>               >      >
>               >      > I'm trying to work with the Keycloak REST API, I
>         logged
>              into the
>               >      > administration console, and then tried accessing
>               >     /auth/admin/realms and got
>               >      > this exception:
>               >      >
>               >      > Failed executing GET /admin/realms:
>               >      > org.jboss.resteasy.spi.__UnauthorizedException:
>         Bearer
>               >      >
>               >      > How should I build my request to be able to get a
>              response? How
>               >     should I
>               >      > authenticate myself in this situation?
>               >      >
>               >      > --
>               >      > Rodrigo Sasaki
>               >      >
>               >      > _________________________________________________
>               >      > keycloak-user mailing list
>               >      > keycloak-user at lists.jboss.org
>         <mailto:keycloak-user at lists.jboss.org>
>              <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>
>              <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>
>
>              <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>>
>               >      >
>         https://lists.jboss.org/__mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>               >
>               >
>               >
>               >
>               > --
>               > Rodrigo Sasaki
>               >
>               >
>               > _________________________________________________
>               > keycloak-user mailing list
>               > keycloak-user at lists.jboss.org
>         <mailto:keycloak-user at lists.jboss.org>
>         <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>
>               > https://lists.jboss.org/__mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>               >
>
>              --
>              Bill Burke
>              JBoss, a division of Red Hat
>         http://bill.burkecentral.com
>              _________________________________________________
>              keycloak-user mailing list
>         keycloak-user at lists.jboss.org
>         <mailto:keycloak-user at lists.jboss.org>
>         <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>
>         https://lists.jboss.org/__mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>
>
>
>         --
>         Rodrigo Sasaki
>
>
>     --
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>
>
>
>
> --
> Rodrigo Sasaki

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-user mailing list