Keycloak roleResource.getRoleUserMembers(); throws a 403 error

Hi at all :slight_smile:

I hava springboot java application in which I am trying to get all users, that have a specific role. For that I am using following code:

RoleResource roleResource = keycloak.realm(realmId).roles().get(roleId);
Set<UserRepresentation> users = roleResource.getRoleUserMembers();

But in the line with the roleResource.getRoleUserMembers(); part, I am getting

Caused by: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden

I would gess my Keycloak client needs more scopes to do this, but I dont know which ones.
I tried to run it with my client having “Full scope allowed”, but that did not help…

Does anybody have ideas on this?

Thank you :slight_smile:

Little update on this. I got a 403 error because my client was missing the correct rights.
In Keycloak you have to go to your client, under “Scope” and “Service Account Roles” you have to set under realm-management the roles query-clients, query-users, query-groups, view-clients, view-users and view-realm.
Now the 403 error is gone.

1 Like