Error Details
WARN [org.keycloak.events] (default task-45) type=PERMISSION_TOKEN_ERROR, realmId=RBAC, clientId=app-client, userId=null, ipAddress=172.17.0.1, error=invalid_token, reason='HTTP 500 Internal Server Error', auth_method=oauth_credentials, audience=app-client, grant_type=urn:ietf:params:oauth:grant-type:uma-ticket, permission=6df4c1d4-f740-4331-a8b6-b4839e36c2e3#scopes:view,
Problem Description
If you start a Keycloak server as described in the Quarkus authorization samples, both the HTTP port 8180 and the HTTPS port 8543 are available. If you then configure your auth-server-url in application.properties using http, like:
quarkus.oidc.auth-server-url=http://localhost:8280/auth/realms/RBAC
but you use https in your curl script to retrieve the token, you end up with the above PERMISSION_TOKEN_ERROR when running any valid HTTP request. The request itself fails with HTTP 401.
Curl request to get the token
curl --insecure -X POST https://localhost:8543/auth/realms/RBAC/protocol/openid-connect/token --user app-client:0a32b2ad-7b58-4c5b-bffe-7d3673fe70a3 -H 'content-type: application/x-www-form-urlencoded' -d 'username=testadmin&password=xxx&grant_type=password'
Fix
- Keep quarkus.oidc.auth-server-url and your REST URL in sync by using the same protocol
- Use either http or https for both
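To confirm this mismatch before changing anything, compare the issuer inside the token with the configured URL. The following is an added example, not code from the original post or from Quarkus/Keycloak; it assumes the server stamps the token's iss claim with the URL the token was requested from, and the helper names and the unsigned sample token are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

PROPERTY = "quarkus.oidc.auth-server-url"


def configured_issuer(properties_text):
    """Return the auth-server-url value from application.properties content."""
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROPERTY:
            return value.strip()
    raise ValueError(PROPERTY + " not found")


def token_issuer(jwt):
    """Read the 'iss' claim from a JWT payload. No signature check: diagnostics only."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]


def issuer_differences(properties_text, jwt):
    """List the URL components where the configured URL and the token issuer differ."""
    want = urlsplit(configured_issuer(properties_text))
    got = urlsplit(token_issuer(jwt))
    diffs = []
    for name in ("scheme", "hostname", "port", "path"):
        a, b = getattr(want, name), getattr(got, name)
        if name == "path":
            a, b = a.rstrip("/"), b.rstrip("/")  # ignore a trailing slash
        if a != b:
            diffs.append((name, a, b))
    return diffs


def make_sample_token(issuer):
    """Build an unsigned, constructed token for the demo (not a real Keycloak token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc({"iss": issuer}) + "."


# Constructed sample input mirroring the two URLs used on this page
SAMPLE_PROPERTIES = "quarkus.oidc.auth-server-url=http://localhost:8280/auth/realms/RBAC\n"
SAMPLE_TOKEN = make_sample_token("https://localhost:8543/auth/realms/RBAC")

if __name__ == "__main__":
    for name, want, got in issuer_differences(SAMPLE_PROPERTIES, SAMPLE_TOKEN):
        print(f"{name}: configured={want!r} token={got!r}")
```

An empty list means the token and the configuration agree; pass the access_token value from the curl response in place of the sample token to check a real setup.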