Keycloak API always returns 401

api https access-token keycloak unauthorized
Jayce444 picture Jayce444 · Oct 23, 2017 · Viewed 20.9k times · Source

I'm trying to interact with Keycloak via its REST API. I have the master realm and the default admin user, and a test realm. Firstly, I get an access token for the admin account and test realm:

let data = {
    grant_type : 'password',
    client_id : 'test-realm',
    username : 'admin',
    password : 'admin'
};
let headers = {
    'Content-Type': 'application/x-www-form-urlencoded'
};
axios.post(
    'https://someurl.com:8080/auth/realms/master/protocol/openid-connect/token',
    qs.stringify(data),
    headers
)

That works ok. Then I try to make a call to create a user (or do anything else) and I get a 401 unauthorized error:

headers = {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Authorization': `Bearer ${accessToken}`
};
data = {
    rep: {
        email: "[email protected]",
        username: "[email protected]"
    },
    path: 'test-realm'
};
axios.post('https://someurl.com:8080/auth/admin/realms/test-realm/users',
    qs.stringify(data),
    headers
)

Is that not the correct way to include the token? Is the access token the one you use for authenticating other API calls? Shouldn't the admin account's token work for authenticating calls to other clients with the master realm? Would it be some setting in the master realm that I have to change in the admin console? Any help appreciated.

Answer

v.ladynev picture v.ladynev · Oct 24, 2017

Is that not the correct way to include the token?

This is a correct way.

You just do something incorrectly. Please, refer for an example from keycloak-request-token Node.js module:

https://github.com/keycloak/keycloak-request-token/blob/master/index.js#L43

You use 

client_id : 'test-realm'

but there is 

client_id: 'admin-cli'

there (don't know it matters or no).

Also, to create a user, you should use

'Content-Type': 'application/json'

You can refer for Node.js examples of Keycloak REST API here:

https://github.com/v-ladynev/keycloak-nodejs-example/blob/master/lib/adminClient.js

Examples of other useful stuff like:

  • custom login
  • storing Keycloak token in the cookies
  • centralized permission middleware

can be found in the same project: keycloak-nodejs-example

Related questions

How do I deal with certificates using cURL while trying to access an HTTPS url?

I am getting the following error using curl: curl: (77) error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none How do I set this certificate verify locations? Thanks.

Read More
No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API

I'm trying to fetch some data from the REST API of HP Alm. It works pretty well with a small curl script - I get my data. Now doing that with JavaScript, fetch and ES6 (more or less) seems to …

Read More
How do I make calls to a REST API using C#?

This is the code I have so far: using System; using System.Collections.Generic; using System.Linq; using System.Text; using System; using System.Net.Http; using System.Web; using System.Net; using System.IO; namespace ConsoleProgram { public class Class1 { …

Read More