Python Keycloak Error - Public client not allowed to retrieve service account

Question

I'm trying to get keycloak_admin instance in my code as described in documentation https://pypi.org/project/python-keycloak/

keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
                               username='example-admin',
                               password='secret',
                               realm_name="master",
                               user_realm_name="only_if_other_realm_than_master",
                               client_secret_key="client-secret",
                               verify=True)

But I'm getting this error: KeycloakAuthenticationError: 401: b'{"error":"unauthorized_client","error_description":"Public client not allowed to retrieve service account"}'

I'm pretty sure my client is set to CONFIDENTIAL, not PUBLIC, so I don't know why this error appeared. Any suggestions what could go wrong here?

Answer 1

First make sure you are using the right realm.

Then, enable the service account role for your client in the Keycloak client settings.

POST http://<KEYCLOAK_URL>/realms/<YOUR_REALM>/protocol/openid-connect/token?grant_type=client_credentials&client_id=<YOUR_CLIENT_ID>&client_secret=<CLIENT_SECRET>

You should not need the username and password.