bubu0321
Reputation: 537
How to use client to post the realm role in Keycloak?
I have created a client in keycloak and configure it access type to "confidential".
I can use REST API protocol/openid-connect/token with clientId and client secret to get the access token for this this client.
In my design, there is a use case that I need to use the client access token to post a role in its Realm (the role needs to belong to realm, not this client). Then I can see the post request is denied. I have configured the scope of this client to full scope but it doesn't help.
Any idea whether this is possible? If yes, what configs I need for this client?
Upvotes: 4
Views: 1858
Answers (1)
dreamcrash
Reputation: 51393
Try the following:
(OLD Keycloak UI)
- To go your Realm > Clients and select your client;
- Switch
Service Accounts EnabledtoON, and click[SAVE]; - Switch to
Service Accounts Rolestab; - From the
Client Rolesdropdown menu select therealm-managementclient - Select
realm-admin, and clickAdd Selectedand tried it out.
(New Keycloak UI)
- Select your Realm then go to
Clientsand select your client; - In Authentication flow select
Service accounts rolesand click[SAVE]; - Switch to
Service Accounts Rolestab; - Click on
Assign Role - On the
Search by role namesearch for the role name 'realm-admin', then select it and click onAssign
Upvotes: 6
Related Questions
- How to add Keycloak realm role to group via REST API
- Keycloak ignores realmRoles when adding a user by rest api
- Is it possible to configure user in realm with rights to read/modify roles and users
- Keycloak - Manage realm with user from different realm
- How to add realm-admin to an User using keycloak rest-api
- Unable to assign realm Role to a newly created Keycloak User via Admin REST API
- How to get roles from custom client in keycloak?
- Keycloak - Add/Remove Realm role from a user using APIcalls
- Assign realm role to service account keycloak
- How to get realm roles with user data in keycloak Admin API