Comments (7)
Well, that should obviously not happen then. I will look into it, to fix the provided example. However, we might want to fix your issue anyway, since I'm not sure how fast I can tackle this.
Could you check if the admin-cli
service account has all realm-related roles? If you use the Keycloak web interface, you should find this at: Clients > admin-cli > Service Account Roles > Client Roles > Realm Management
. If not done yet, add all the roles to the service account. If this does not fix your issue, its probably the permissions are given but somehow do not end up as claims in your access token signed for the service account
from fastapi-keycloak.
Ok, that solved the issue, thank you very much.
I ran into a follow up error, which gave me the following hint:
AssertionError: The access required was not contained in the access token for the `admin-cli`.
Possibly a Keycloak misconfiguration. Check if the admin-cli client has `Full Scope Allowed`
and that the `Service Account Roles` contain all roles from `account` and `realm_management`
=> very good, easy to solve
As a user of your library I would expect something similar also for the first error :-).
from fastapi-keycloak.
I opened a PR in which I updated these required modifications to realm-export.json
. Hopefully that helps; for me it does.
from fastapi-keycloak.
Hello @Data-Mastery, at a first glance I would say this happens because your configuration is not correct. Seems like your configured admin user does not have sufficient rights on the realm.
Did you use our provided example configuration? Or did you setup things yourself?
from fastapi-keycloak.
Thanks for the quick response. I used the provided example configuration here: https://fastapi-keycloak.code-specialist.com/downloads/realm-export.json. I used the setup from here: https://fastapi-keycloak.code-specialist.com/quick_start/
from fastapi-keycloak.
Glad we could solve it. We'll try to improve the error message as well
from fastapi-keycloak.
Closed with #38
from fastapi-keycloak.
Related Issues (20)
- realmRoles Field required HOT 4
- Why admin_client_secret? HOT 2
- Support other OAuth2 auth schemes than `OAuth2PasswordBearer`
- fastapi_keycloak.exceptions.KeycloakError: HTTP 403: {'error': 'unauthorized_client', 'error_description': 'Invalid client secret'} HOT 1
- Create clients from library HOT 1
- Question: 2FA support
- required_roles param in get_current_user method. Add OR condition
- unable to connect to keycloak server HOT 2
- The `realm-export.json` file in the documentation website needs to be updated
- fastapi-keycloak docs outdated?
- Unable to pip install from python docker images HOT 2
- Can we pass dynamic realm, client_id and client_secret params to FastAPIKeycloak class
- Cannot install from sources: distutils.errors.DistutilsOptionError: No configuration found for dynamic 'description'.
- Trying to run quickstart example, got error The 'realm_access' section of the provided access token is missing on /admin method HOT 7
- how to assign client roles to a user HOT 3
- Adde introspect token from server HOT 1
- Issue with Keycloak v20+ 'access required was not contained' HOT 4
- Refresh token HOT 2
- /protected return Not authenticated HOT 1
- password -> tokenUrl none is not an allowed value HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fastapi-keycloak.