[keycloak-user] Authorization Client - 403

Pedro Igor Silva psilva at redhat.com
Mon Feb 11 07:55:23 EST 2019


That is the expected behavior. The server fails with 403 in case your
authorization request does not resolve to any permission.

Pedro Igor

On Mon, Feb 11, 2019 at 10:29 AM Alexey Titorenko <titorenko at dtg.technology>

> Hello guys!
> I would like to as about behaviour of Authorization Client. I’m trying to
> get user entitlements using authorization client and see the following:
> If permissions allow access to the resource and scope requested, then
> everything is ok — I get back token with requested permissions added to it;
> If permissions do not allow access to the resource, then I would expect
> returned token without any additional permissions added, but, instead, I
> get http error 403 (not authorised) from Keycloak.
> Is it expected behaviour? Having 403 when communicating to Keycloak makes
> me think, that my client is not authorised to make this call, while it
> seems, that this is signal about the fact that access to resource is not
> allowed.
> Alexey
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list