I am trying to explore features of KeyCloak server and want to get information about access token by using /openid-connect/token/introspect endpoint.
So, I am sending next request to this endpoint
curl -v --data "token_type_hint=access_token&client_id=product-
app&username=user&token=MY ACCESS TOKEN"
http://localhost:8080/auth/realms/springdemo/protocol/openid-
connect/token/introspect
So this is what I have as a response:
{"error":"invalid_request","error_description":"Client not allowed."}*
Connection #0 to host localhost left intact
and this is what I see in KeyCloak's logs:
12:00:18,045 WARN [org.keycloak.events] (default task-13)
type=INTROSPECT_TOKEN _ERROR,
realmId=springdemo, clientId=product-app, userId=null, ipAddress=127.0.0
.1, error=invalid_request, detail='Client not allowed.',
client_auth_method=client-secret
So, I can't get it - how should I properly make request to keycloak in this case regarding that product-app has public access. Please, explain!
To use these endpoints with Postman, we'll start by creating an Environment called “Keycloak.” Then we'll add some key/value entries for the Keycloak authorization server URL, the realm, OAuth 2.0 client id, and client password: Finally, we'll create a collection where we can organize our Keycloak tests.
It seems like you are not able to use /openid-connect/token/introspect endpoint when your client has public access type.
So, switch to the CONFIDENTIAL ACCESS TYPE and use
curl -v --data "client_secret=YOUR_SECRET9&client_id=product-
app&username=user&token=YOUR_TOKEN"
http://localhost:8080/auth/realms/springdemo/protocol/openid-
connect/token/introspect
It works fine.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With