Keycloak service account permissions


Alex Trif

Apr 23, 2021, 5:44:30 AM
to Keycloak Dev
I am trying to access a protected resource using the service account of a client. The service account has the correct client role assigned. I am getting a 401 and looking at the token there is no authorization section inside it. Is this normal? How can the client access the resource otherwise?

Schuster Sebastian (IOC/PAU1)

Apr 23, 2021, 8:28:22 AM
to Alex Trif, Keycloak Dev

You might also need to add the necessary client scopes under the “scopes” tab or enable “Full scope allowed”.

The way Keycloak implements service accounts is like a client acting on behalf of a hidden service account user; that’s why the client must also be allowed to get the necessary roles from the user.

 

Best regards,

Sebastian
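To check what the reply above describes, the following added example (not part of the original thread) decodes a service-account access token and reports whether the expected client role actually reached the token. The client names `batch-job` and `orders-api`, the role `reader`, and both tokens are constructed for illustration; the signature is not verified, so this is for diagnosis only.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def role_report(token: str, resource_client: str, role: str) -> dict:
    """Summarise which roles of `resource_client` are present in the token."""
    claims = decode_claims(token)
    roles = claims.get("resource_access", {}).get(resource_client, {}).get("roles", [])
    return {
        "subject": claims.get("preferred_username"),
        "client_roles": roles,
        "has_role": role in roles,
        # Mirrors the "authorization section" the question looked for.
        "has_authorization_claim": "authorization" in claims,
    }


def make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return ".".join([header, _b64url(json.dumps(claims).encode()), "constructed"])


# Constructed claims: a hypothetical client "batch-job" calling "orders-api".
BASE = {"azp": "batch-job", "preferred_username": "service-account-batch-job"}
# Role assigned to the service account, but not within the client's scope.
TOKEN_OUT_OF_SCOPE = make_sample(BASE)
# Same client after the role was added under "scopes" (or full scope enabled).
TOKEN_IN_SCOPE = make_sample(
    {**BASE, "resource_access": {"orders-api": {"roles": ["reader"]}}}
)

if __name__ == "__main__":
    for name, tok in [("out of scope", TOKEN_OUT_OF_SCOPE), ("in scope", TOKEN_IN_SCOPE)]:
        print(name, role_report(tok, "orders-api", "reader"))
```
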

 
