[keycloak-user] Problems with bearer-only client

Christoph Guse info at flex-guse.de
Fri Oct 7 09:26:39 EDT 2016


Hi,

currently I have some trouble getting an Access Token using a 
bearer-only client in combination with Keycloak 2.2.1.

In my Proof Of Concept realm (sso-poc) I created a client which was
configured to accept bearer-only authentication. If I got this right, no
user login is needed and this client type is perfect for technical users.

Then I do an HTTP POST like this:

curl -X POST -F "grant_type=client_credentials" -F "client_id=auth-app2" \
  -F "client_secret=2fd7033a-1971-4855-b64c-b9783f1ff14d" \
  https://web-sso/auth/realms/sso-poc/protocol/openid-connect/token

Unfortunately the response is not an AccessToken but the error message

{
   "error": "invalid_client",
   "error_description": "Bearer-only not allowed"
}

As I configured the client as bearer-only authentication, I'm a little 
helpless and I ran out of ideas what I could do.

Any ideas?

Thank you in advance,
Christoph
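
Added example, not part of the original post and not Keycloak's own code: a pre-flight check over client representations (as found in a realm export) that reports whether a client can use the client_credentials grant from the request above. It assumes Keycloak's bearerOnly, publicClient and serviceAccountsEnabled client fields; the sample export, the function names and the reason strings are constructed.

```python
"""Pre-flight check: can this Keycloak client use grant_type=client_credentials?"""
import json

# Constructed sample: fragment of a realm export. Only the realm name and the
# clientId "auth-app2" come from the post; the other entries are made up.
SAMPLE_EXPORT = json.loads("""
{"realm": "sso-poc", "clients": [
  {"clientId": "auth-app2", "bearerOnly": true,  "publicClient": false, "serviceAccountsEnabled": false},
  {"clientId": "spa-demo",  "bearerOnly": false, "publicClient": true,  "serviceAccountsEnabled": false},
  {"clientId": "web-demo",  "bearerOnly": false, "publicClient": false, "serviceAccountsEnabled": false},
  {"clientId": "batch-job", "bearerOnly": false, "publicClient": false, "serviceAccountsEnabled": true}
]}
""")


def client_credentials_verdict(client):
    """Return (allowed, reason) for one client representation (a dict)."""
    if client.get("bearerOnly", False):
        # A bearer-only client only validates tokens presented to it; the token
        # endpoint answers invalid_client / "Bearer-only not allowed".
        return False, "bearer-only: validates tokens, cannot request them"
    if client.get("publicClient", False):
        # Public clients hold no secret, so they cannot authenticate as themselves.
        return False, "public: no client secret to authenticate with"
    if not client.get("serviceAccountsEnabled", False):
        return False, "confidential, but service accounts are not enabled"
    return True, "confidential with service accounts enabled"


def audit(export):
    """Map clientId -> (allowed, reason) for every client in a realm export."""
    return {c["clientId"]: client_credentials_verdict(c)
            for c in export.get("clients", [])}


if __name__ == "__main__":
    for client_id, (allowed, reason) in audit(SAMPLE_EXPORT).items():
        print(f"{'OK  ' if allowed else 'DENY'} {client_id}: {reason}")
```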

