[keycloak-user] How to access secured REST endpoint from keycloak-spring-security-adapter
Matt H
tsdgcc2087 at outlook.com
Thu Dec 1 14:31:32 EST 2016
I have a suite of spring applications that are using keycloak for authentication. I'm using the Keycloak spring security adapter and have successfully secured the endpoints that I want to. I have situations where I need Application A to make a call to a secured endpoint on Application B. I am able to do this client to client communication by using the KeycloakRestTemplate but only when a user calls Application A with a valid token.
Application A also has a process that will call Application B without user interaction. When this is done I get an error "java.lang.IllegalStateException: Cannot set authorization header because there is no authenticated principal". This makes sense since I don't have a valid user token.
Application A and Application B use the same client in keycloak and it is set to be a confidential client. I have tried it with and without having service accounts enabled.
Some questions I have are:
1. How do I have applications (not users) call a secured REST endpoint?
2. Do the provided keycloak adapters (like the spring security adapter) provide this functionality?
3. Do I need an additional client account to do this?
4. Are there any libraries that handle refreshing these tokens or automatically obtaining one if it doesn't exist?
I see lots of examples on how a user can access a secured service, but not much on an application accessing a secured service.
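
The case described in the post, an application calling a secured endpoint with no user present, is what the OAuth 2.0 client credentials grant covers; the following is an added example, not part of the original post and not Keycloak adapter code, that requests a token for the client itself and caches it until shortly before expiry. It assumes Java 11+, a confidential client with service accounts enabled, and that the caller supplies the realm's token endpoint URL, client id and secret; the class name `ServiceAccountTokenProvider` is hypothetical.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class name): obtains and caches a token for the application itself.
public class ServiceAccountTokenProvider {
    private static final Pattern TOKEN = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");
    private static final Pattern EXPIRES = Pattern.compile("\"expires_in\"\\s*:\\s*(\\d+)");
    private final HttpClient http = HttpClient.newHttpClient();
    private final URI tokenEndpoint;   // assumption: the realm's OpenID Connect token endpoint
    private final String form;         // client_credentials request body
    private String accessToken;
    private Instant expiresAt = Instant.EPOCH;

    public ServiceAccountTokenProvider(String tokenEndpoint, String clientId, String clientSecret) {
        this.tokenEndpoint = URI.create(tokenEndpoint);
        this.form = "grant_type=client_credentials"
                + "&client_id=" + URLEncoder.encode(clientId, StandardCharsets.UTF_8)
                + "&client_secret=" + URLEncoder.encode(clientSecret, StandardCharsets.UTF_8);
    }

    // Returns the cached token; requests a new one when none is held or it expires within 30 s.
    public synchronized String getToken() throws Exception {
        if (accessToken == null || Instant.now().isAfter(expiresAt.minusSeconds(30))) {
            HttpRequest req = HttpRequest.newBuilder(tokenEndpoint)
                    .header("Content-Type", "application/x-www-form-urlencoded")
                    .POST(HttpRequest.BodyPublishers.ofString(form)).build();
            HttpResponse<String> resp = http.send(req, HttpResponse.BodyHandlers.ofString());
            if (resp.statusCode() != 200) {
                throw new IllegalStateException("Token request failed: HTTP " + resp.statusCode());
            }
            store(resp.body(), Instant.now());
        }
        return accessToken;
    }

    // Minimal extraction of access_token and expires_in; a JSON library is preferable in real code.
    void store(String json, Instant now) {
        Matcher t = TOKEN.matcher(json), e = EXPIRES.matcher(json);
        if (!t.find() || !e.find()) throw new IllegalStateException("Unexpected token response");
        accessToken = t.group(1);
        expiresAt = now.plusSeconds(Long.parseLong(e.group(1)));
    }
}
```

The calling application sends the value returned by `getToken()` as an `Authorization: Bearer` header on its request to the secured endpoint, and should keep the client secret out of source control and logs.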