I am trying to write tests for an API that uses Keycloak for authorization.
I can programmatically log in to Keycloak from the test script using grant_type
password, and Keycloak responds with a token.
When the API tries to verify that token using the Keycloak userinfo endpoint, I get a 403 Token Authorization Error.
The same API validation function works fine for the same user if I log in to Keycloak manually through the web client. I have checked the API middleware and it receives the same token as was generated by Keycloak.
If someone is getting:
{
"error": "unauthorized_client",
"error_description": "Client not allowed for direct access grants"
}
when trying to get the token, you need to enable direct access grant for your client:
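As an added example (not code from the question or the answer above), here is a small test-side helper that performs the grant_type=password request against Keycloak, calls the userinfo endpoint with the returned bearer token the way the API under test does, and maps the "unauthorized_client / Client not allowed for direct access grants" response to a remediation hint. It assumes a Keycloak 17+ URL layout without the old /auth prefix, and the base URL, realm name, client id and user credentials are placeholders. Direct access grants (the resource owner password flow) should be enabled only on the dedicated test client, not on the clients your real users use.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Placeholder values for this example; replace with your own deployment.
BASE_URL = "http://localhost:8080"  # Keycloak >= 17; older servers use http://host/auth
REALM = "myrealm"
CLIENT_ID = "my-test-client"


def token_endpoint(base_url: str, realm: str) -> str:
    """OpenID Connect token endpoint of a Keycloak realm."""
    return f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"


def userinfo_endpoint(base_url: str, realm: str) -> str:
    """Userinfo endpoint the API under test validates tokens against."""
    return f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/userinfo"


def password_grant_form(client_id, username, password, client_secret=None, scope="openid"):
    """Form body for grant_type=password. client_secret is only needed when
    the client is confidential (client authentication switched on)."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "username": username,
        "password": password,
        "scope": scope,
    }
    if client_secret:
        form["client_secret"] = client_secret
    return form


class KeycloakTokenError(RuntimeError):
    def __init__(self, error, description, hint=""):
        suffix = f" ({hint})" if hint else ""
        super().__init__(f"{error}: {description}{suffix}")
        self.error = error
        self.description = description
        self.hint = hint


# Remediation hints for the error codes a test script most often hits.
HINTS = {
    # The error quoted in the answer: the client has Direct access grants disabled.
    "unauthorized_client": "enable 'Direct access grants' for the client in the Keycloak admin console",
    "invalid_client": "check client_id and, for a confidential client, client_secret",
    "invalid_grant": "check username/password and that the user is enabled with no required actions pending",
}


def parse_token_response(status: int, body: bytes) -> dict:
    """Return the token JSON on success, otherwise raise KeycloakTokenError
    carrying Keycloak's error code and a hint on how to fix it."""
    payload = json.loads(body.decode("utf-8"))
    if status == 200 and "access_token" in payload:
        return payload
    error = payload.get("error", f"http_{status}")
    raise KeycloakTokenError(error, payload.get("error_description", ""), HINTS.get(error, ""))


def fetch_token(base_url, realm, client_id, username, password, client_secret=None):
    """Perform the password grant against Keycloak (network call)."""
    form = password_grant_form(client_id, username, password, client_secret)
    req = urllib.request.Request(token_endpoint(base_url, realm),
                                 data=urllib.parse.urlencode(form).encode(), method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as exc:
        # Keycloak returns 4xx with a JSON error body; urllib raises on it.
        return parse_token_response(exc.code, exc.read())


def fetch_userinfo(base_url, realm, access_token):
    """Call the userinfo endpoint with the bearer token (network call)."""
    req = urllib.request.Request(userinfo_endpoint(base_url, realm))
    req.add_header("Authorization", f"Bearer {access_token}")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    tokens = fetch_token(BASE_URL, REALM, CLIENT_ID, "alice", "s3cret")  # placeholder user
    print(fetch_userinfo(BASE_URL, REALM, tokens["access_token"]))
```

If the token call raises with the unauthorized_client hint, the fix is the one in the answer: open the client in the admin console and switch on Direct access grants, then re-run the test.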