-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Solving "HTTP 401 Unauthorized" #5
Comments
Alright, giving it
Using a REST client I now also see the issue: {
"error": "HTTP 401 Unauthorized"
} I wonder why... 🤔 |
You have to call the endpoint with an access token. The authenticated user must have the https://github.com/p2-inc/keycloak-events#managing-webhook-subscriptions If you can show a full request (curl or something similar), that will help debugging. |
Goodness, yes, ofc. sorry, my bad. Did so now! One step further but a different error now 😅 Getting tokenAttempting getting WebhooksServer console
User rolesAppreciate the help! |
Are the roles mapped into the token? Go to jwt.io and decode your token to see. If not, you need to make sure you're mapping the roles into the token in your |
Ah brilliant, that was the missing piece! Gotta document the whole procedure 😅 Thanks a ton, now I can start tinkering with the actual features 🥳 Client service account rolesDecoded token{
"exp": 1668613530,
"iat": 1668613470,
"jti": "dd13337a-5bf8-495a-b0ee-f24447a6276b",
"iss": "https://devserver/realms/master",
"aud": [
"CENSORED-realm",
"master-realm",
"account"
],
"sub": "efad3d71-e455-4c8b-a920-6926d9a380b6",
"typ": "Bearer",
"azp": "webhooks-receiver",
"acr": "1",
"realm_access": {
"roles": [
"default-roles-master",
"offline_access",
"uma_authorization"
]
},
"resource_access": {
"CENSORED-realm": {
"roles": [
"manage-events",
"view-events",
"publish-events"
]
},
"master-realm": {
"roles": [
"manage-events",
"view-events",
"publish-events"
]
},
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]
}
},
"scope": "email profile",
"clientHost": "127.0.0.1",
"clientId": "webhooks-receiver",
"email_verified": false,
"preferred_username": "service-account-webhooks-receiver",
"clientAddress": "127.0.0.1"
} REST Client Test |
@nefarius Thanks for your patience and clear communication. Please let me know if you encounter any other issues. |
@nefarius I am struggling through this same issue... {
"exp": 1669057923,
"iat": 1668971523,
"jti": "d0354f08-d737-46a3-9150-c0bf6d732f7c",
"iss": "**",
"aud": "account",
"sub": "9623a24e-9bc6-4818-b6ac-1459e4add633",
"typ": "Bearer",
"azp": "**-mgmt",
"acr": "1",
"realm_access": {
"roles": [
"manage-events",
"view-events",
"default-roles-fianu",
"offline_access",
"uma_authorization"
]
},
"resource_access": {
"**-mgmt": {
"roles": [
"manage-events",
"view-events"
]
},
"account": {
"roles": [
"manage-account",
"manage-events",
"view-events",
"manage-account-links",
"view-profile"
]
}
},
"scope": "profile email",
"email_verified": false,
"clientHost": "**",
"clientId": "**-mgmt",
"preferred_username": "service-account-fianu-mgmt",
"clientAddress": "**"
} It appears the correct roles are found, I can see my serive account user under those roles in the realm, but I am still getting the 401 unauthorized. Any idea what I am missing? |
UPDATE: I believe I was a passing in the access token wrong. Now I am passing it in the GET request to list webhooks properly, but I am getting an curl --location --request GET 'https://demo.fianu.io/auth/realms/fianu/webhooks' \
--header 'Authorization: Bearer my token' \
--header 'Content-Type: application/json' \
--data-raw '{
"enabled": "true",
"url": "https://webhook.site/317996ae-79c9-4f79-b5aa-e9c09cea277a",
"secret": "****",
"eventTypes": [
"*"
]
}' I am using the client secret from the |
Are you sure the token works? Can you try it with some of the core Admin REST API like fetching details for a user? |
@nefarius I figured it out! I misread the documentation, I was doing all of this in a custom realm, when I see that I should've been creating a client and assigning the SA and roles in the |
I was creating the roles |
Hi Team!
Am currently testing this with Keycloak 19.0.2 but for example trying to invoke
/realms/master/webhooks
(or any other routes) only leads to aAn internal server error has occurred
message and no console log. Is there a more verbose log level? Or additional configuration required besides just putting the JAR file in the appropriate place?Thanks!
The text was updated successfully, but these errors were encountered: