null2493

Reputation: 69

Cannot set `bearerOnly: true` in Keycloak 19.0

I am trying to secure my backend service, but due to the updates in Keycloak 19.0 I can't follow any tutorial online. I am trying to set `bearerOnly: true`, but there are no options to set the access type in the new version of Keycloak.

Upvotes: 2

Views: 1324

Answers (1)

Bench Vue

Reputation: 9320

I tested v19.0.1. I can't find the bearerOnly option in the UI either, but exporting the client JSON, changing bearerOnly to true and importing it works.

I tested importing v18.0.2's JSON, and it produces an error (image attached at the bottom).

So if you migrate from an old version to 19.0.1, you should update manually based on v19's exported JSON file. Steps:

  1. Export Client JSON from v19
  2. Delete #1 client
  3. Switch "bearerOnly": true
  4. Import #3 JSON in v19

This is the difference between bearerOnly true and false in the UI:

[Screenshot: bearerOnly True option]

[Screenshot: bearerOnly False option]

Using this JSON for the True option:

```json
{
  "clientId": "my-client-bearer-true",
  "name": "My Client Bearer Only True",
  "description": "",
  "surrogateAuthRequired": false,
  "enabled": true,
  "alwaysDisplayInConsole": false,
  "clientAuthenticatorType": "client-secret",
  "redirectUris": [],
  "webOrigins": [],
  "notBefore": 0,
  "bearerOnly": true,
  "consentRequired": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": true,
  "serviceAccountsEnabled": false,
  "publicClient": true,
  "frontchannelLogout": true,
  "protocol": "openid-connect",
  "attributes": {
    "oidc.ciba.grant.enabled": "false",
    "oauth2.device.authorization.grant.enabled": "false",
    "backchannel.logout.session.required": "true",
    "backchannel.logout.revoke.offline.tokens": "false"
  },
  "authenticationFlowBindingOverrides": {},
  "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "defaultClientScopes": [
    "web-origins",
    "acr",
    "roles",
    "profile",
    "email"
  ],
  "optionalClientScopes": [
    "address",
    "phone",
    "offline_access",
    "microprofile-jwt"
  ],
  "access": {
    "view": true,
    "configure": true,
    "manage": true
  }
}
```

If you import a v18.0.2 JSON file with bearerOnly true into v19.0.1, it produces an error:

[Screenshot: import error]

I used this v18 JSON file, but it produces the error shown in the image above. So you can't import v18 JSON directly into v19.

```json
{
  "realm": "test",
  "bearer-only": true,
  "auth-server-url": "http://localhost:8180/auth/",
  "ssl-required": "external",
  "resource": "my-client",
  "confidential-port": 0
}
```

Upvotes: 1
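The export, edit and re-import steps in the answer above can be scripted offline. This is an added example, not code from the answer or from Keycloak: it sets `bearerOnly` on a client export, refuses a file in the other JSON shape shown in the answer (keys such as `bearer-only` and `resource`), and lists switches that are still on. The function names, the review list and the sample inputs are assumptions made for the example.

```python
import json

# Keys seen only in the answer's second sample (an adapter-style config file).
ADAPTER_KEYS = {"bearer-only", "auth-server-url", "resource", "ssl-required"}
# Switches from the answer's first sample that this example lists for review
# (the choice of keys is this example's own, not a Keycloak rule).
REVIEW_KEYS = ("publicClient", "standardFlowEnabled", "implicitFlowEnabled",
               "directAccessGrantsEnabled", "serviceAccountsEnabled")


def classify(doc):
    """Return 'client', 'adapter' or 'unknown' for a parsed JSON value."""
    if not isinstance(doc, dict):
        return "unknown"
    if "clientId" in doc and "protocol" in doc:
        return "client"
    if ADAPTER_KEYS & doc.keys():
        return "adapter"
    return "unknown"


def make_bearer_only(text):
    """Parse an exported client, set bearerOnly, return (json_text, review)."""
    doc = json.loads(text)
    kind = classify(doc)
    if kind != "client":
        raise ValueError(f"not a client export (looks like: {kind})")
    doc["bearerOnly"] = True
    # Report switches left on; the caller decides whether to change them.
    review = [k for k in REVIEW_KEYS if doc.get(k) is True]
    return json.dumps(doc, indent=2), review


# Constructed samples, trimmed from the two JSON shapes shown in the answer.
CLIENT_EXPORT = json.dumps({
    "clientId": "my-client", "protocol": "openid-connect",
    "bearerOnly": False, "publicClient": True,
    "standardFlowEnabled": True, "implicitFlowEnabled": False,
    "directAccessGrantsEnabled": True, "serviceAccountsEnabled": False,
})
ADAPTER_FILE = json.dumps({
    "realm": "test", "bearer-only": True, "resource": "my-client",
    "auth-server-url": "http://localhost:8180/auth/",
})

if __name__ == "__main__":
    out, review = make_bearer_only(CLIENT_EXPORT)
    print(out)
    print("review before import:", review)
    try:
        make_bearer_only(ADAPTER_FILE)
    except ValueError as err:
        print("rejected:", err)
```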
