[keycloak-user] KeycloakInstalled adapter: Using public client token from keycloak installed adapter to access confidential client

Bruce Wings testoauth55 at gmail.com
Sat Dec 8 22:46:34 EST 2018


Anyone else faced this issue?

On Fri, Dec 7, 2018 at 1:39 PM Bruce Wings <testoauth55 at gmail.com> wrote:

> I have created a confidential client - "*server-app*" that secures my
> Jetty app through the Keycloak Jetty adapter and a public client - "*web-app*"
> that is provided to all clients of my server app. Both *web-app* and
> *server-app* exist under the same realm.
>
> In *web-app* client, I have created a *token mapper for 'aud' claim:*
>
> *new java.util.ArrayList(["server-app","web-app"]);*
>
> When I generate a token through the Keycloak JS adapter or through Postman for
> the web-app client, *I am able* to use the same token to access my Jetty app
> (that is secured with the confidential client).
>
> But when launching the *keycloakinstalled* adapter (*.loginDesktop() api*)
> with the public client (json of web-app client), after successful login, while
> trying to access the same Jetty app (secured with the confidential client) I
> get:
>
> *type=CODE_TO_TOKEN_ERROR, realmId=myRealm, clientId=null, userId=null,
> ipAddress=10.252.70.71, error=invalid_client_credentials,
> grant_type=authorization_code*
>
> Is the same kind of access not supported in the KeycloakInstalled adapter?
>
> Also, if I launch the KeycloakInstalled adapter with the confidential client json,
> everything works fine, i.e. I am allowed access to the Jetty app.
>

