[keycloak-user] Problems with bearer-only client

Sebastien Blanc sblanc at redhat.com
Mon Oct 10 10:00:14 EDT 2016


Hi Christoph,

You won't be able to obtain a token from a bearer-only client; you need to
obtain it from another client that offers a login or use a service account (
https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/clients/oidc/service-accounts.html).


Sebi



On Fri, Oct 7, 2016 at 3:26 PM, Christoph Guse <info at flex-guse.de> wrote:

> Hi,
>
> currently I have some trouble getting an Access Token using a
> bearer-only client in combination with Keycloak 2.2.1.
>
> In my Proof Of Concept realm (sso-poc) I created a client which was
> configured to accept bearer-only authentication. If I got this right no
> user login is needed and this client type is perfect for technical users.
>
> Then I do an HTTP POST like this:
>
> curl -X POST -F "grant_type=client_credentials" -F "client_id=auth-app2" \
>   -F "client_secret=2fd7033a-1971-4855-b64c-b9783f1ff14d" \
>   https://web-sso/auth/realms/sso-poc/protocol/openid-connect/token
> <https://web-sso.services.emea.dir/auth/realms/sso-poc/protocol/openid-connect/token>
>
> Unfortunately the response is not an AccessToken but the error message
>
> {
>    "error": "invalid_client",
>    "error_description": "Bearer-only not allowed"
> }
>
> As I configured the client as bearer-only authentication, I'm a little
> helpless and I ran out of ideas what I could do.
>
> Any ideas?
>
> Thank you in advance,
> Christoph
>
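The arrangement described in the reply, sketched in Python as an added example that is not part of the original thread: a separate confidential client with a service account requests the token, and the bearer-only client only ever receives it in an Authorization header. The client name `service-caller` and its secret are hypothetical; the token URL and the error document are the ones quoted in the thread.

```python
import json
import urllib.parse
import urllib.request

# Token endpoint quoted in the thread.
TOKEN_URL = "https://web-sso/auth/realms/sso-poc/protocol/openid-connect/token"

# Error document quoted in the thread, returned when a bearer-only
# client is used as the requesting client.
BEARER_ONLY_ERROR = ('{"error": "invalid_client", '
                     '"error_description": "Bearer-only not allowed"}')


class TokenError(Exception):
    """The token endpoint answered with an OAuth2 error document."""


def build_token_request(client_id, client_secret, token_url=TOKEN_URL):
    """Build (without sending) a client_credentials token request.

    client_id must name a confidential client with a service account
    (assumption: "service-caller"), never the bearer-only client itself.
    """
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(token_url, data=body, headers=headers,
                                  method="POST")


def parse_token_response(body):
    """Return the access token, or raise TokenError with the server's reason."""
    doc = json.loads(body)
    if "error" in doc:
        reason = doc.get("error_description", "")
        if doc["error"] == "invalid_client" and "Bearer-only" in reason:
            reason += " (request the token as a service-account client)"
        raise TokenError("{}: {}".format(doc["error"], reason))
    return doc["access_token"]


def bearer_header(access_token):
    """Header the caller presents to the bearer-only service."""
    return {"Authorization": "Bearer " + access_token}
```

Sending the request is left to the caller, for example with `urllib.request.urlopen(build_token_request(...))`, and the response body then goes through `parse_token_response`.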

