[keycloak-user] Requires uma_protection scope

Corentin Dupont corentin.dupont at gmail.com
Wed Sep 12 04:02:44 EDT 2018


At the moment I try to create the resource with a client token (not a user
token):

CLIENTTOKEN=`curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
  -d 'grant_type=client_credentials&client_id=api-server&client_secret=4e9dcb80-efcd-484c-b3d7-1e95a0096ac0' \
  "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token" | jq .access_token -r`

curl -X POST "http://localhost:8080/auth/realms/waziup/authz/protection/resource_set" \
  -H "Authorization: Bearer $CLIENTTOKEN" -H "Content-Type: application/json" \
  -d '{"name":"Sensortest3", "scopes":["sensors:create","sensors:view","sensors:update","sensors:delete"],"owner":"cdupont", "ownerManagedAccess": true}'

Is this correct?
Thanks

On Tue, Sep 11, 2018 at 11:28 PM, Pedro Igor Silva <psilva at redhat.com>
wrote:

> Hi,
>
> Your users must be granted this client role in order to access the
> protection API. This allows the user to consent whether or not access should be
> granted to resource servers to act on his behalf when managing user
> resources.
>
> On Tue, Sep 11, 2018 at 1:19 PM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> Hi,
>> I updated my keycloak to 4.4.0.
>> When I get my resources:
>> GET on: http://localhost:8080/auth/realms/waziup/authz/protection/resource_set
>>
>> I now get error 403: invalid_scope, Requires uma_protection scope
>>
>> What did I miss?
>> I activated User-Managed Access at realm level.
>> Thanks
>> Corentin
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
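
A quick way to diagnose the 403 discussed in this thread, as an added example that is not part of the original messages: decode the access token and check whether it carries the uma_protection client role for the resource server. It assumes Keycloak's default token layout, with client roles under resource_access.<client_id>.roles; the tokens are constructed samples and the signature is not verified, so this is for inspection only.

```python
import base64
import json

REQUIRED_ROLE = "uma_protection"  # role named in the 403 error message


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def client_roles(token: str, resource_server: str) -> list:
    """Client roles the token carries for the given resource-server client.

    Assumption: default Keycloak layout, resource_access.<client_id>.roles.
    """
    access = jwt_claims(token).get("resource_access", {})
    return access.get(resource_server, {}).get("roles", [])


def has_uma_protection(token: str, resource_server: str) -> bool:
    return REQUIRED_ROLE in client_roles(token, resource_server)


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed-signature"])


# Constructed sample: client_credentials token for the api-server client.
SERVICE_ACCOUNT_TOKEN = _constructed_token(
    {"azp": "api-server",
     "resource_access": {"api-server": {"roles": ["uma_protection"]}}})

# Constructed sample: user token that was never granted the client role.
USER_TOKEN = _constructed_token(
    {"azp": "api-server", "preferred_username": "cdupont",
     "resource_access": {"account": {"roles": ["view-profile"]}}})

if __name__ == "__main__":
    for label, tok in (("service account", SERVICE_ACCOUNT_TOKEN), ("user", USER_TOKEN)):
        ok = has_uma_protection(tok, "api-server")
        print(f"{label}: roles={client_roles(tok, 'api-server')} uma_protection={ok}")
```

With a real token, pass the value of $CLIENTTOKEN from the commands above and the client id of the resource server (api-server in this thread).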

