Hi,
I am trying to call the REST API with the client_id admin-cli.
Password Grant
When the client is set to ‘public’, I can get a token and get all users from a specific realm:
export TOKEN=$(curl --location --request POST 'server:port/auth/realms/master/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'username=admin' \
  --data-urlencode 'password=XXXXX' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode 'client_id=admin-cli' | jq -r .access_token)
curl -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" -X GET "server:port/auth/admin/realms/MYREALM/users"
-> works fine. I get the list of users.
Client Credentials Grant
When the client is set to ‘confidential’ + Service Accounts Enabled: true
export TOKEN=$(curl --location --request POST 'server:port/auth/realms/master/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=admin-cli' \
  --data-urlencode 'client_secret=ffffff1-ffff44aa-ffff-6c2cfb710010' | jq -r .access_token)
-> I get a token, but when I try
curl -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" -X GET "server:port/auth/admin/realms/MYREALM/users"
I get 403: {"error":"unknown_error"}
I must be missing something, any tips?
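
Added example, not part of the original post: a 403 from the admin endpoint means the token was accepted but not authorized, so one way to compare the two tokens is to decode their payloads and list the roles each carries. The claim names `realm_access` and `resource_access` are Keycloak's default role claims; the helper names and the two sample tokens are constructed for illustration.

```shell
#!/usr/bin/env bash
# Inspect (not validate) a JWT: decode the payload, the second dot-separated segment.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url omits padding; restore it so `base64 -d` accepts the input.
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print who the token was issued to and the roles it carries, one per line.
jwt_roles() {
  jwt_payload "$1" | jq -r '
    "user:" + (.preferred_username // "?"),
    (.realm_access.roles // [] | .[] | "realm:" + .),
    (.resource_access // {} | to_entries[] | .key as $c
      | (.value.roles // [])[] | "\($c):\(.)")'
}

# Constructed sample tokens (unsigned; only the payload matters here).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {
  printf '%s.%s.sig' "$(printf '{"alg":"none"}' | b64url)" "$(printf '%s' "$1" | b64url)"
}
PW_TOKEN=$(sample_token '{"preferred_username":"admin","realm_access":{"roles":["admin","create-realm"]}}')
SA_TOKEN=$(sample_token '{"preferred_username":"service-account-admin-cli","realm_access":{"roles":["offline_access","uma_authorization"]}}')

# With a real token exported as in the post, run: jwt_roles "$TOKEN"
if command -v jq >/dev/null 2>&1; then
  echo "password grant:";     jwt_roles "$PW_TOKEN"
  echo "client credentials:"; jwt_roles "$SA_TOKEN"
fi
```

Roles that appear for the password-grant token but not for the client-credentials token show what the service account has not been granted.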