Keycloak error invalid_client Bearer only not allowed

user840930 picture user840930 · Sep 19, 2018 · Viewed 7.4k times · Source

I'm trying to deploy a very simple REST service secured with keycloak and am getting the following error:

Caused by: org.keycloak.authorization.client.util.HttpResponse.Exception: Unexpected response from server: 400 / Bad Request / Response from server: ("error":"invalid_client","error_description":"Bearer-only not allowed")

What does this error mean? How can I fix it?

Answer

tryingToLearn picture tryingToLearn · Sep 20, 2018

Since you have not shared your keycloak config, I am guessing the above error is because you created a bearer only client in keycloak. Keycloak doesn't allow "bearer only" clients to obtain tokens from the server. Try to change your client to "confidential" on the server and set bearer-only on your adapter configuration (keycloak.json).

You can refer this thread for more info: http://keycloak-user.88327.x6.nabble.com/keycloak-user-can-we-use-authorization-with-bearer-only-td2123.html