Hello, I would like to use the Keycloak authorization services to protect a resource server with which I talk through a command line interface.
I set up two clients, one for my command line interface, “cli”, and one for the server, “node0”.
- The cli gets an access token through the cli by using these parameters:
    "grant_type": {"password"},
    "client_id": {"cli"},
    "username": {username},
    "password": {password},
- The cli puts the access token in the authorization header of a request to access a resource on the server.
- The server sends the access token to Keycloak to get an RPT. To do that, it puts the access token in the authorization header of its request to Keycloak and uses as parameters:
    "grant_type": {"urn:ietf:params:oauth:grant-type:uma-ticket"},
    "audience": {"node0"},

After that, this is what appears in the Keycloak log:
WARN [org.keycloak.events] (default task-2) type=PERMISSION_TOKEN_ERROR, realmId=myrealm, clientId=cli, userId=null, ipAddress=172.22.0.4, error=invalid_token, auth_method=oauth_credentials, grant_type=urn:ietf:params:oauth:grant-type:uma-ticket
What am I doing wrong?
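
A diagnostic aid for the `invalid_token` event above, added here and not part of the original post: it decodes the access token's payload without verifying the signature and compares the issuer and expiry with what the resource server expects. The sample token, the host names and the `realmURL` parameter are constructed assumptions.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims: the JWT claims inspected for the flow in the post.
type Claims struct {
	Iss string `json:"iss"` // issuer: realm URL the token was obtained through
	Exp int64  `json:"exp"` // expiry, seconds since the epoch
}

// DecodeClaims reads a JWT payload WITHOUT verifying the signature (diagnostics only).
func DecodeClaims(token string) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("want 3 JWT segments, got %d", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, fmt.Errorf("payload is not base64url: %w", err)
	}
	err = json.Unmarshal(raw, &c)
	return c, err
}

// Check compares claims with realmURL (assumed: realm base URL the server calls) and now.
func Check(c Claims, realmURL string, now time.Time) (issues []string) {
	if c.Iss != realmURL {
		issues = append(issues, fmt.Sprintf("iss %q differs from %q", c.Iss, realmURL))
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		issues = append(issues, "token is expired")
	}
	return issues
}

func main() {
	// Constructed, unsigned sample token; hosts and times are made up.
	p := `{"iss":"http://localhost:8080/realms/myrealm","exp":1700000300}`
	tok := "e30." + base64.RawURLEncoding.EncodeToString([]byte(p)) + ".sig"
	c, _ := DecodeClaims(tok)
	fmt.Println(Check(c, "http://keycloak:8080/realms/myrealm", time.Unix(1700000000, 0)))
}
```

An empty result only means these two claims line up; signature and session state are still decided by Keycloak.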