[keycloak-user] Can a confidential Access Type client also accept bearer tokens?

Ryan Slominski ryans at jlab.org
Thu May 23 15:43:10 EDT 2019


Hi Pedro,
    Thanks, I got it working. I was initially seeing the error:

"Didn't find publicKey for specified kid"

But, I finally found I was trying to use the bearer token on an application secured by a different Keycloak instance,
which didn't issue the access token!  Looks like CURL must already set appropriate headers or something because I
didn't even need to enable autodetect-bearer-only.

Ryan
________________________________
From: Pedro Igor Silva <psilva at redhat.com>
Sent: Thursday, May 23, 2019 3:20 PM
To: Ryan Slominski
Cc: keycloak-user
Subject: Re: [keycloak-user] Can a confidential Access Type client also accept bearer tokens?

It should be fine to use the same client. However, you may want to set autodetect-bearer-only in keycloak.json. See https://www.keycloak.org/docs/latest/securing_apps/index.html#_java_adapter_config.

On Thu, May 23, 2019 at 3:35 PM Ryan Slominski <ryans at jlab.org> wrote:
I'm using the Wildfly client adapter to secure access for a web application and it works fine. However, I was wondering if I could have a script to programmatically post some data to one of the web application's end points via a cron job. The examples I have found of doing this assume you have a dedicated "bearer-only" access type client. Do I have to create a separate client for this or can I re-use the existing web application end point, which has access type Confidential?

I'm looking at the example here:
http://planet.jboss.org/post/getting_started_with_keycloak_securing_a_rest_service

Thanks,

Ryan
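
Added example (not part of the original thread, and not Keycloak's own code): a Python check for the cause described in the reply above, a bearer token issued by a different Keycloak instance than the one securing the application, which surfaces as "Didn't find publicKey for specified kid". It compares the token's `iss` claim and header `kid` with the expected realm URL and that realm's JWKS; the hostnames, realm name and key ids are constructed, and no signature is verified.

```python
import base64
import json


def _decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value


def diagnose_token(token, expected_issuer, jwks):
    """List reasons the token cannot be matched to the expected realm's keys.

    Diagnostic only: the signature is NOT verified here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected 3 dot-separated segments"]
    try:
        header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append(f"issuer mismatch: token iss={claims.get('iss')!r}")
    known_kids = {key.get("kid") for key in jwks.get("keys", [])}
    if header.get("kid") not in known_kids:
        problems.append(f"kid {header.get('kid')!r} not in realm JWKS")
    return problems


def make_sample_token(issuer, kid):
    """Build a constructed, unsigned sample token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": kid}), enc({"iss": issuer}), "c2ln"])


# Constructed values: hypothetical hosts, realm name and key ids.
EXPECTED_ISSUER = "https://sso-a.example.org/auth/realms/demo"
REALM_JWKS = {"keys": [{"kid": "key-a-1", "kty": "RSA", "use": "sig"}]}
# In practice the JWKS is served at <issuer>/protocol/openid-connect/certs.

if __name__ == "__main__":
    foreign = make_sample_token("https://sso-b.example.org/auth/realms/demo", "key-b-7")
    for line in diagnose_token(foreign, EXPECTED_ISSUER, REALM_JWKS):
        print(line)
```

An empty result means the issuer and key id line up with the expected realm; the adapter still has to verify the signature itself.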