In the Keycloak UI under Clients there is a tab Service Account Roles. I can add a role there and it shows up in my JWT, which is exactly what I want. But how can I script that? As a trial I did this:
$KCADM get clients/$CLIENT_ID/service-account-roles -r $REALM_NAME
but I got a ‘no resource for URL…’ response.
In case I’m going about this the wrong way, I’ll say what my overall goal is. I have several Client Credentials users who need different capabilities, so I expect to create several Keycloak Clients and give them different roles. The roles show in the JWT and the services that process the requests can enforce the rules. But I do need to script this because I have lots of different cases.
Anyone know?
Thanks
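One way to script this, as an added example that is not part of the original post: the Admin REST API exposes the client's service account as a user at clients/{id}/service-account-user, and roles are granted to that user with kcadm's add-roles. It assumes $KCADM points at kcadm.sh with a session already configured; the function names, client names and role names are made up for illustration.

```shell
#!/bin/sh
# Added example, not the poster's code. Assumes $KCADM points at kcadm.sh and
# that "kcadm.sh config credentials ..." has already been run.
KCADM="${KCADM:-kcadm.sh}"

# Print the id of the service-account user behind a client.
# $1 = realm, $2 = the client's clientId (the name shown in the UI, not the UUID)
sa_user_id() {
  local realm="$1" client_id="$2" uuid
  # The clients/{id}/... paths take the internal UUID, so look it up first.
  uuid=$("$KCADM" get clients -r "$realm" -q "clientId=$client_id" \
           --fields id --format csv --noquotes) || return 1
  [ -n "$uuid" ] || { echo "client '$client_id' not found in $realm" >&2; return 1; }
  # service-account-user returns the user that carries the client's roles.
  "$KCADM" get "clients/$uuid/service-account-user" -r "$realm" \
    --fields id --format csv --noquotes
}

# Grant realm roles to a client's service account.
# $1 = realm, $2 = clientId, remaining arguments = role names
# (for client roles, add-roles also needs --cclientid <owning client>)
grant_sa_roles() {
  local realm="$1" client_id="$2" uid role
  shift 2
  [ "$#" -gt 0 ] || { echo "no roles given for '$client_id'" >&2; return 2; }
  uid=$(sa_user_id "$realm" "$client_id") || return 1
  [ -n "$uid" ] || { echo "'$client_id' has no service account" >&2; return 1; }
  # Rewrite "r1 r2" as "--rolename r1 --rolename r2" without word-splitting.
  for role in "$@"; do
    set -- "$@" --rolename "$role"
    shift
  done
  "$KCADM" add-roles -r "$realm" --uid "$uid" "$@"
}

# Constructed usage: one line per client, each with only the roles it needs.
# grant_sa_roles "$REALM_NAME" billing-batch invoices-read
# grant_sa_roles "$REALM_NAME" reporting-job invoices-read reports-write
```

Keeping one grant line per client in a versioned script also gives a reviewable record of which client credentials carry which roles.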