Hello, and thank you for reading this.
My setup is like this: I have a client set up in Keycloak that is used by the UI for authentication. No authorization. This client is public.
I have another client set up as the resource server (authorization enabled) in Keycloak. This client is used by the backend.
The UI gets an access_token through grant_type=authorization_code and then calls the backend with this access_token. I then try to authorize the backend using this token in order to later get an RPT. But this fails with {"error":"invalid_grant","error_description":"Invalid bearer token"}.
I looked through the source code and it seems that the error is issued when the token was issued by a public client and the session should be fetched: github
This line fails: authzClient.authorization(token)
where token is the token fetched by the UI.
If, as an exercise, I issue a token for the UI client through grant_type=password, then the line above does not fail.
So, can somebody please explain what I'm doing wrong?
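Added example (not part of the post above, and not Keycloak's own code): before handing a bearer token to authzClient.authorization(token), it helps to look at what the token actually says. The helper below decodes a JWT payload without verifying the signature (debugging only, never for an authorization decision) and reports which client the token was issued to (azp), which audiences it names (aud), whether it carries a session id, and whether it has expired. The realm URL, the client ids ui-client and backend-rs, and the sample token itself are constructed for this example and do not come from any real Keycloak instance.

```python
import base64
import json
import time


def _b64url_encode(obj) -> str:
    """Encode a JSON object as an unpadded base64url segment (used only to build the sample)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


# Constructed sample: the header and payload mirror the claim layout of a Keycloak
# access token, but the values are made up and the signature is a placeholder.
SAMPLE_TOKEN = ".".join([
    _b64url_encode({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid"}),
    _b64url_encode({
        "iss": "https://keycloak.example/realms/demo",  # assumed realm URL
        "typ": "Bearer",
        "azp": "ui-client",                           # assumed public UI client
        "aud": "account",                             # assumed audience
        "session_state": "11111111-2222-3333-4444-555555555555",
        "sub": "f0e1d2c3-user",
        "iat": 1700000000,
        "exp": 4102444800,                            # 2100-01-01, so not expired
    }),
    "c2lnbmF0dXJl",  # placeholder signature, not valid for anything
])


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT checking the signature. Debug use only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def describe_bearer_token(token: str, resource_server_client_id: str) -> dict:
    """Summarise the claims the backend cares about when exchanging a token for an RPT."""
    claims = decode_claims(token)
    aud = claims.get("aud", [])
    if isinstance(aud, str):          # Keycloak emits a string for a single audience
        aud = [aud]
    return {
        "issuer": claims.get("iss"),
        "token_type": claims.get("typ"),
        "issued_to": claims.get("azp"),
        "audiences": aud,
        "resource_server_in_aud": resource_server_client_id in aud,
        "has_session": bool(claims.get("session_state") or claims.get("sid")),
        "expired": claims.get("exp", 0) < time.time(),
    }


if __name__ == "__main__":
    # Assumed resource-server client id; compare against what your backend expects.
    print(json.dumps(describe_bearer_token(SAMPLE_TOKEN, "backend-rs"), indent=2))
```

Run it against a real token copied from the UI's network tab (paste it in place of SAMPLE_TOKEN) and compare issued_to, audiences and has_session with what the resource-server client expects; the unverified decode is only for reading the claims, the real verification still has to come from Keycloak.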