Managing a user account (especially credentials) via the REST API

Hello guys,

Would somebody kindly please help me with this.

I am trying to have the following flow with my Keycloak server. The steps, in order of execution, are as below:

  1. OIDC authorization of a client application using grant type “code” (authentication of the user via the browser flow). Done, OK.
  2. Viewing that particular user's information via the userinfo_endpoint using the access token obtained in step 1. Done, OK.
  3. Viewing/managing only that particular user's credentials (i.e., deleting the user's password via the REST API path “/…/user_id/credentials/cred_id”). The server returns a 403 Forbidden error.

Considering that:

  • I do not want to grant the user admin privileges like manage_users, but it is okay to grant them to the client application.

  • I do want to acquire the access token via user authentication, not, for example, via grant_type=client_credentials.

Do you have any recommendation on how I can configure the server for this purpose? Or any hint at all.
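As an added diagnostic for the 403 in step 3 (this is not code from the post above and not a Keycloak-provided tool): a 403 from Keycloak's admin REST API means the token was accepted but does not carry a role the endpoint requires, and with the authorization code grant the token is issued for the user, so the roles inside it are the user's effective roles as mapped into the client's scopes, not the client's service-account roles. The script below decodes a Keycloak access token's payload without verifying the signature and lists the realm roles and per-client roles it carries, so you can see whether the `manage-users` role of Keycloak's built-in `realm-management` client is present. The two tokens are constructed sample data; the realm, client and user identifiers in them are placeholders.

```python
"""Inspect the roles a Keycloak access token carries (added diagnostic, not
code from the original post). The payload is decoded WITHOUT signature
verification: fine for looking at what a token claims on your own machine,
never for making an authorization decision."""
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWS (header.payload.signature). No signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def token_roles(token: str) -> dict:
    """Collect realm roles and per-client roles from a Keycloak access token.

    Keycloak places realm roles under realm_access.roles and client roles under
    resource_access.<client-id>.roles. Admin REST calls on users need a role of
    the built-in 'realm-management' client (for credentials: manage-users)."""
    claims = jwt_payload(token)
    realm = list(claims.get("realm_access", {}).get("roles", []))
    clients = {
        client_id: list(entry.get("roles", []))
        for client_id, entry in claims.get("resource_access", {}).items()
    }
    return {"realm": realm, "clients": clients}


def has_client_role(token: str, client_id: str, role: str) -> bool:
    """True if the token carries `role` of client `client_id`."""
    return role in token_roles(token)["clients"].get(client_id, [])


def _make_unsigned_token(claims: dict) -> str:
    # Constructed token with alg=none and an empty signature, for offline use only.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed sample: what a token from the browser (code) flow typically looks
# like for an ordinary user of a hypothetical realm 'myrealm' and client 'my-app'.
USER_TOKEN = _make_unsigned_token({
    "sub": "11111111-2222-3333-4444-555555555555",   # placeholder user id
    "azp": "my-app",
    "realm_access": {"roles": ["default-roles-myrealm", "offline_access"]},
    "resource_access": {"account": {"roles": ["manage-account", "view-profile"]}},
})

# Constructed sample: a token whose subject has manage-users on realm-management.
ADMIN_TOKEN = _make_unsigned_token({
    "sub": "66666666-7777-8888-9999-000000000000",   # placeholder user id
    "azp": "my-app",
    "realm_access": {"roles": ["default-roles-myrealm"]},
    "resource_access": {"realm-management": {"roles": ["manage-users", "view-users"]}},
})


if __name__ == "__main__":
    for name, tok in (("user token", USER_TOKEN), ("admin token", ADMIN_TOKEN)):
        roles = token_roles(tok)
        ok = has_client_role(tok, "realm-management", "manage-users")
        print(f"{name}: realm={roles['realm']} clients={roles['clients']}")
        print(f"  realm-management/manage-users present: {ok}")
```

Paste the access token obtained in step 1 in place of the constructed one; if `manage-users` on `realm-management` is absent, the 403 on the credentials endpoint is what Keycloak's admin API will return for that token, regardless of which roles the client application itself has been granted.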