keycloakkeycloak-rest-apikeycloak-nodejs-connect
Cannot set `bearerOnly: true` in Keycloak 19.0
I am trying to secure my backend service but due to the updates with Keycloak 19.0 I can't follow any tutorial online. I am trying to set bearerOnly: true but there are no options to set the access type in new version of Keycloak
Solution
I tested v19.0.1, I can't find to option for bearerOnly option UI either but client JSON import after export and change bearerOnly true works.
I tested to import v18.0.2's JSON makes error.(attached image at the bottom)
So if you migrate from old version to 19.0.1 should be update manually base on v19's export JSON file. Steps
- Export Client JSON from v19
- Delete #1 client
- Switch "bearerOnly": true
- Import #3 JSON in v19
This is bearerOnly true and false difference screen in UI
bearerOnly True option
bearerOnly False option
Using this JSON for True option
{
"clientId": "my-client-bearer-true",
"name": "My Client Bearer Only True",
"description": "",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": true,
"protocol": "openid-connect",
"attributes": {
"oidc.ciba.grant.enabled": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.session.required": "true",
"backchannel.logout.revoke.offline.tokens": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"acr",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}
If import v18.0.2 JSON file with bearerOnly true into v19.0.1, It makes error
I using this V18 JSON file but It makes error as upper image. So you can't import directly v18 JSON into V19.
{
"realm": "test",
"bearer-only": true,
"auth-server-url": "http://localhost:8180/auth/",
"ssl-required": "external",
"resource": "my-client",
"confidential-port": 0
}
- Role-based authentication not working with Keycloak and Java Spring
- Keycloak error on console " violating Content Security Policy directive: "frame-ancestors 'self'"
- Keycloak authorization_code invalid format
- nest-keycloak-connect realmUrl missing first part of the url
- Keycloak set password policy via Rest API
- superset keycloak integration on https
- Keycloak: getting back from user profile page
- How to load initial realm in keycloak server with docker?
- Keycloak + SPA as client (Vue) + Spring Cloud Gateway as resource server + Spring Boot Microservices
- Use Keycloak Spring Adapter with Spring Boot 3
- KeyCloak - How to add Role's attribute into a user JWT (Access Token)?
- Keycloak - Client Roles - Retrieve custom attributes
- Configure Keycloak OTP via Administration REST API
- Blazor Hosted WebAssembly with Keycloak and Basic Authentication Issue
- KeyCloak Integration with Azure B2C UserName Mapping Issue
- Keycloak: Not able to load admin GUI/console
- Keycloak retrieve custom attributes to KeycloakPrincipal
- Keycloak SSL setup using docker image
- How to change keycloak jvm arguments via CLI in standalone configuration
- Logout from next-auth with keycloak provider not works
- Cannot find module 'keycloak-js/authz' while import with TypeScript
- How to bypass keycloak login page and provide client suggested idp with spring security
- Keycloak Custom message on user temporary lock
- Angular - Spring Boot - Keycloak - 401 Error
- Spring Security + Keycloak (with self signed certs) - How do you disable hostname verification?
- Keycloak, not returning access token if update password action selected
- Keycloack Custom Identity provider
- Keycloak lost admin password
- How to make keycloak sessions survive server restarts or upgrades?
- How can I authenticate using the token exchange grant type for impersonation with spring boot and keycloak?