Unauthenticated UMA request


Edgar Silva

Jan 15, 2021, 2:33:33 PM
to Keycloak User
In a repository with resources having a mix of public and protected data (scopes: public, protected1, protected2), following the UMA specification, is it possible to receive an RPT with the "public" scope, in any way, without authentication (therefore, without an access token)? The goal would be for the client to be able to request a permission ticket and then, when requesting the RPT, if this request is accompanied by an authentication token, the correct permissions associated with the user are returned; if no authentication is provided, an RPT for the public scope should be emitted.

Is there any way (or maybe a workaround) to make this work?

Edgar Silva

Jan 21, 2021, 12:29:40 PM
to Keycloak User
For example, when I query the /protocol/openid-connect/token with no authentication (without an Access Token), currently we obtain the response:

HTTP 400 Bad Request
{
  "error": "unauthorized_client",
  "error_description": "INVALID_CREDENTIALS: Invalid client credentials"
}

Would it be possible to customize this behavior to return a default RPT token that contains authorization for a specific (public) scope? In this case it would be the "public" scope that I mentioned. Is it possible to customize this behavior using Keycloak?