jwt, keycloak

Keycloak Direct Access Grant not valid at Keycloak userinfo endpoint

I am trying to write tests for an API that uses Keycloak for authorization.

I can programmatically log in to Keycloak from the test script using `grant_type=password`, and Keycloak responds with a token.

When the API tries to verify that token using the Keycloak userinfo endpoint, I get a 403 Token Authorization Error.

The same API validation function works fine for the same user if I log in to Keycloak manually through the web client. I have checked the API middleware, and it receives the same token that Keycloak generated.

Solution

If someone is getting:

    {
        "error": "unauthorized_client",
        "error_description": "Client not allowed for direct access grants"
    }

when trying to get the token, you need to enable direct access grants for your client:

![Enable direct access grants for your client][1]

[1]: https://i.sstatic.net/m3WOD.png