How to use client to post the realm role in Keycloak?

Question

I have created a client in keycloak and configure it access type to "confidential".

I can use REST API protocol/openid-connect/token with clientId and client secret to get the access token for this this client.

In my design, there is a use case that I need to use the client access token to post a role in its Realm (the role needs to belong to realm, not this client). Then I can see the post request is denied. I have configured the scope of this client to full scope but it doesn't help.

Any idea whether this is possible? If yes, what configs I need for this client?

dreamcrash · Accepted Answer · 2022-12-31T14:37:44.787

Try the following:

(OLD Keycloak UI)

To go your Realm > Clients and select your client;
Switch Service Accounts Enabled to ON, and click [SAVE];
Switch to Service Accounts Roles tab;
From the Client Roles dropdown menu select the realm-management client
Select realm-admin, and click Add Selected and tried it out.

(New Keycloak UI)

Select your Realm then go to Clients and select your client;
In Authentication flow select Service accounts roles and click [SAVE];
Switch to Service Accounts Roles tab;
Click on Assign Role
On the Search by role name search for the role name 'realm-admin', then select it and click on Assign

oh wow, thanks a 1000 times. I was searching for this for hours. — Lovis, Dec 06 '21 at 17:53

How to use client to post the realm role in Keycloak?

1 Answers1