Client application is not registered as a resource server

Question

I set up KeyCloak on my Quarkus application. Realm is 'quarkus', as is the client. I successfully get token from KeyCloak, but when I'm about to use it in whatever method on my service, I get this:

Caused by: org.keycloak.authorization.client.util.HttpResponseException: Unexpected response from server: 403 / Forbidden / Response from server: {"error":"invalid_clientId","error_description":"Client application [quarkus] is not registered as a resource server."}

application.properties is set like this:

quarkus.oidc.auth-server-url=http://localhost:8080/realms/quarkus quarkus.oidc.client-id=quarkus quarkus.oidc.credentials.secret=dFvRiItg9NjUA56h4nk4xPG4IqKFNPkG quarkus.oidc.tls.verification=none quarkus.http.auth.permission.authenticated.paths=/* quarkus.http.auth.permission.authenticated.policy=authenticated

What I'm doing wrong?

Answer 1

Just go to the Keycloak console. Go to Clients tab and select your client. Then, turn on this option:

Do not forget to save the configuration. This should solve your problem

Answer 2

I got the same error while trying to set up keycloak in quarkus dev environment.

I found out there was a problem with the resource configuration. First I fixed a part of the problem by setting to true the Authorization Enabled setting in the client setting page.

It gave me another error: invalid_scope, Requires uma_protection scope I'm guessing it's a client scope to add. I found a issue stating that it should be a scope and not a client scope but can't find it anymore.

anyway, the easiest way I found to fix this configuration for my dev environment was to reimport the quarkus realm from this file: quarkus-realm.json

it seems to be up to date and working. Next you can check the config to find out your missing params.