Keycloak roleResource.getRoleUserMembers(); throws a 403 error

MarvinKern · October 23, 2020, 5:58am

Hi at all

I hava springboot java application in which I am trying to get all users, that have a specific role. For that I am using following code:

RoleResource roleResource = keycloak.realm(realmId).roles().get(roleId);
Set<UserRepresentation> users = roleResource.getRoleUserMembers();

But in the line with the roleResource.getRoleUserMembers(); part, I am getting

Caused by: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden

I would gess my Keycloak client needs more scopes to do this, but I dont know which ones.
I tried to run it with my client having “Full scope allowed”, but that did not help…

Does anybody have ideas on this?

Thank you

MarvinKern · October 27, 2020, 11:06am

Little update on this. I got a 403 error because my client was missing the correct rights.
In Keycloak you have to go to your client, under “Scope” and “Service Account Roles” you have to set under realm-management the roles query-clients, query-users, query-groups, view-clients, view-users and view-realm.
Now the 403 error is gone.

Topic		Replies	Views
403 Forbidden - Accessing Keycloak APIs Getting advice	3	1977	March 9, 2022
403 Error while getting KeycloakAdmin using python-keycloak	5	2328	February 17, 2023
REST Api Error 403 Configuring the server	2	460	February 9, 2021
Cannot retrieve realm keys with Spring Boot client Securing applications	3	4030	August 19, 2021
403 Error by GET REST request admin-rest , ldap	2	15877	June 9, 2020

Keycloak roleResource.getRoleUserMembers(); throws a 403 error

Related Topics