[keycloak-user] Authorization Client - 403

Alexey Titorenko titorenko at dtg.technology
Mon Feb 11 08:36:26 EST 2019

Ok, thank you!

> On 11 Feb 2019, at 15:55, Pedro Igor Silva <psilva at redhat.com> wrote:
> Hi,
> That is the expected behavior. The server fails with 403 in case your authorization request does not resolve to any permission.
> Regards.
> Pedro Igor
> On Mon, Feb 11, 2019 at 10:29 AM Alexey Titorenko <titorenko at dtg.technology> wrote:
> Hello guys!
> I would like to as about behaviour of Authorization Client. I’m trying to get user entitlements using authorization client and see the following:
> If permissions allow access to the resource and scope requested, then everything is ok — I get back token with requested permissions added to it;
> If permissions do not allow access to the resource, then I would expect returned token without any additional permissions added, but, instead, I get http error 403 (not authorised) from Keycloak.
> Is it expected behaviour? Having 403 when communicating to Keycloak makes me think, that my client is not authorised to make this call, while it seems, that this is signal about the fact that access to resource is not allowed.
> Alexey
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>

More information about the keycloak-user mailing list