xbmono

Reputation: 2316

Get 400 with message unknown_error for any POST to Keycloak REST Api

I want, for example, to create a new client with the admin user using the admin-cli client.

The token generation works fine:

POST /auth/realms/master/protocol/openid-connect/token
b'username=admin&password=admin&grant_type=password&client_id=admin-cli'

Using that token I can also do some queries, like when I need to get the id of a client:

GET /auth/admin/realms/master/clients?clientId=my-test-cli
H' Authorization: Bearer xyz
H' Content-Type: application/json

However, when I want to create a new client-role or a new client I always get a 400 error. I changed the log level to DEBUG in the Keycloak server, but there is nothing useful there other than logs that say the token was successfully created.

POST /auth/admin/realms/master/clients/7534ac42-fe8b-4cde-b6c6-c385f4958e3b/roles
400 {"error":"unknown_error"}

I am using Python v3.x and Keycloak v14.0.0 running with JBoss Wildfly container.

Looking at the admin user, it seems it has all the roles, like admin, default-roles-master and create-realm, and I don't see any role in the listings to assign because it seems it has them all. The same goes for the admin-cli client. The configuration of these two (admin user and admin-cli) is the default configuration you get when you start the server for the first time. Do I need anything extra, like creating a new role, in order to get this working?

My payload to create a confidential client:

payload = {
    "name": "Some Name",
    "clientId": "some-name",
    "secret": "some-name-secret",
    "enabled": true,
    "publicClient": false,
    "authorizationServicesEnabled": true,
    "redirectUris" : ["/*"]
}

Upvotes: 0

Views: 5255

Answers (1)

xbmono

Reputation: 2316

I want to answer my own question so that everyone in a similar situation won't face the same issue.

It turned out that the payload I was sending was not correct, thanks to @JanGaraj who pointed that out. But what I want to answer here is how to find out what the request body should look like.

First, do not look at the documentation. In the documentation all the fields are optional and URLs are not correct either.

The simplest way is to start Keycloak server locally and log into the admin console in Firefox or Chrome, then press F12 to open Development Mode. Then you can see all the requests/responses in there.

For example, if you want to see how to update a role, go to the Roles menu item on the main menu, select a role and update it. You can see the PUT request with its body. That tells you what you need to pass in and to what URL.

As a hint, you don't need to pass everything when updating; normally only the IDs and the fields that you want to update are enough.

Upvotes: 6
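
The capture step described in the answer can also be scripted. The following is an added example, not part of the original answer, and it goes one step beyond reading the Network tab by eye: it reads a HAR file exported from the browser's Network tab and lists each write request to the admin API with its JSON body, leaving out the Authorization and Cookie headers so the admin bearer token is not copied along with the request template. The HAR content, the role name and the function name `admin_write_requests` are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed HAR export (browser Network tab, "Save all as HAR").
# The role body and the token are made-up values, not captured from a real server.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET",
                 "url": "http://localhost:8080/auth/admin/realms/master/clients?clientId=my-test-cli",
                 "headers": [{"name": "Authorization", "value": "Bearer xyz"}]}},
    {"request": {"method": "POST",
                 "url": "http://localhost:8080/auth/admin/realms/master/clients/7534ac42-fe8b-4cde-b6c6-c385f4958e3b/roles",
                 "headers": [{"name": "Authorization", "value": "Bearer xyz"},
                             {"name": "Content-Type", "value": "application/json;charset=utf-8"}],
                 "postData": {"mimeType": "application/json;charset=utf-8",
                              "text": '{"name": "example-role"}'}}},
    {"request": {"method": "GET", "url": "http://localhost:8080/auth/resources/app.js",
                 "headers": []}},
]}})

ADMIN_PREFIX = "/auth/admin/realms/"          # path prefix of the requests on this page
WRITE_METHODS = {"POST", "PUT", "DELETE"}
SECRET_HEADERS = {"authorization", "cookie"}  # never copy these out of a capture


def admin_write_requests(har_text):
    """Return method, path, non-secret headers and JSON body of each admin write call."""
    found = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        path = urlsplit(req["url"]).path
        if req["method"] not in WRITE_METHODS or not path.startswith(ADMIN_PREFIX):
            continue  # skip reads and static console assets
        headers = {h["name"]: h["value"] for h in req.get("headers", [])
                   if h["name"].lower() not in SECRET_HEADERS}
        post = req.get("postData") or {}
        body = None
        if post.get("mimeType", "").startswith("application/json") and post.get("text"):
            body = json.loads(post["text"])
        found.append({"method": req["method"], "path": path,
                      "headers": headers, "body": body})
    return found


if __name__ == "__main__":
    for r in admin_write_requests(SAMPLE_HAR):
        print(r["method"], r["path"], json.dumps(r["body"]))
```

A HAR export still contains the raw token and cookies, so treat the file itself like a credential and delete it once the request shapes have been extracted.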
