CODEWITHSUNDEEP
javaspring-bootkeycloak
Ben Muuo
Ben Muuo

Reputation: 21

Am getting status code 401 when access Keycloak users list even after adding realm-management roles

Am running keycloak version 10.0.2. I have set up a new Realm Screenshot for creation of realm

I have also created created a client called demo-app Screenshot for creation of client

I went a head and created user. On role mapping tab i assigned two realm-management role one view-realm and the other view-users screenshot for realm-management

After those configurations i tried this curl request to obtain access key

curl --location --request POST 'http://localhost:8080/auth/realms/test realm/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=demo-app' \
--data-urlencode 'username=benmuuo' \
--data-urlencode 'password=1234' \
--data-urlencode 'grant_type=password'

after getting the access token i did this request

curl --location --request GET 'http://127.0.0.1:8080/auth/admin/realms/test realm/users' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJROWZUcUtwWm9vZWRCSFZObmNZb19EUGRyc09BejhlMzMzZjhOMjJCRVBvIn0.eyJleHAiOjE1OTc0MTgxNzMsImlhdCI6MTU5NzQxNzg3MywianRpIjoiMjhjOGFiMzItODUyNi00OWJjLWEzZjQtNTU5OTFlNjNjZTlhIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL3Rlc3QlMjByZWFsbSIsImF1ZCI6WyJyZWFsbS1tYW5hZ2VtZW50IiwiYWNjb3VudCJdLCJzdWIiOiI2NmQ3MDY3Ny05Mjk2LTQ2NTUtYTY0Zi1kYmI0YTZkY2I5M2QiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJkZW1vLWFwcCIsInNlc3Npb25fc3RhdGUiOiI5YWQ4YTZjMS1hNDRiLTRmNTMtOTRhYy0xNzc4MGQ5ZDE1NjYiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJhZG1pbiIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsicmVhbG0tbWFuYWdlbWVudCI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwidmlldy11c2VycyIsInF1ZXJ5LWdyb3VwcyIsInF1ZXJ5LXVzZXJzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImJlbm11dW8ifQ.drQwz61b1f6B7E2e5g5k0poDPucEav4yd5FIN7kPjbl2Kgo8w96i9M98htcBkFkk6_EcWGx7U5H4TgAng4x_VVrCC8KgtIM_Jbmz0h_7bx_4LCkCcxmka-zuxBm4BKjF42XHOApKmL26dAnRbFgckp3SZ8v14Xz77Va0tPcH4R_Ap0VgkD0X3kj5rbInsvtrBDgQyinFSPZxe9fzW9ZybkQ4UmN_Plj6zbDwOmPbA1vOEuhPRmddgM5TfDr46bmeiuw6jrqD-1IA6glkt4H2P9ebjFWVHePLw9eyE8F0onRqOVajQgN60d2hNSSi-FsHHr-DoQG5mEQx797yrr4TVQ'

this is when am getting the 401 error

 {
    "error": "HTTP 401 Unauthorized"
}

What could be causing the issue cause i don't get it.

Upvotes: 2

Views: 8782

Answers (2)

Mateusz Wicherski
Mateusz Wicherski

Reputation: 136

Unfortunately, Keycloak has problems with realms that have names containing non URL-friendly characters (such as a space). You can see https://issues.redhat.com/browse/KEYCLOAK-7844 and https://github.com/keycloak/keycloak/pull/5375#issuecomment-405343026 for more details.

The only viable solution (for now, that is Keycloak 11.0.2-) is to forbid the creation of such realms, for example by changing the theme to have any validation of the realm names in the input fields.

Try to change the realm name to test-realm and you can use Test Realm as a realm display name.

Upvotes: 3

Javod Ne'matov
Javod Ne'matov

Reputation: 11

Firstly you should do this request with admin(master) profile

curl --location --request POST 
'http://localhost:8080/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'grant_type=password'

After getting the access token, try this request

curl --location --request GET 
'http://localhost:8080/auth/admin/realms/test realm/users' \
--header 'Authorization: Bearer your-access-token

Upvotes: 1

Related Questions