Keycloak Direct Access Grant not valid at keycloak userinfo endpoint
I am trying to write tests for an API that uses Keycloak for authorization.
I can programmatically login to keycloak from the test script using grant_type password, and keycloak responds with a token.
When the API tries to verify that token using the Keycloak userinfo endpoint, I get a 403 Token Authorization Error.
The same API validation function works fine for the same user, if I login to Keycloak manually through the web client. I have checked the API middleware and it receives the same token as was generated by keycloak.
Solution
If someone is getting:
{
"error": "unauthorized_client",
"error_description": "Client not allowed for direct access grants"
}
when trying to get the token, you need to enable direct access grant for your client:
![[1]: https://i.sstatic.net/m3WOD.png](https://i.sstatic.net/m3WOD.png)
- Spring Boot JWT Auth Fails With "Another algorithm expected, or no matching key(s) found" Despite Matching HS512 Config
- secretOrPrivateKey must be an asymmetric key when using RS256
- Generate JWT Token in Keycloak and get public key to verify the JWT token on a third party platform
- .NET OIDC token mapping different between id_token and userinfo endpoint
- What are the main differences between JWT and OAuth authentication?
- How to resolve TypeScript type error with jwt.sign and Secret in jsonwebtoken?
- jsonwebtoken.verify method giving error from keycloak token
- Could not decode JWT payload from base64
- Why am I getting error in WebSecurityConfig?
- Use multiple JWT Bearer Authentication
- Keycloak Direct Access Grant not valid at keycloak userinfo endpoint
- Entra ID OAuth 2.0 /token request failing using client_assertion
- Why does MSAL AcquireSilent always get a new token even when the current token is valid?
- Token handler unable to convert the token to jwt token
- Generating your OAuth Linkedin token : Oops. We can’t verify the authenticity of your request because the state parameter was modified
- Problems with setting up JWT Bearer authentication in ASP.NET Core
- What characters are allowed in a JWT token?
- JWT Base64 Decode failed in Notepad++
- Getting only decoded payload from JWT in Python
- How do I synchronize JWT between browser tabs of the Flutter web application?
- JWT Cookie Removed After Page Refresh in React App (Frontend Localhost, Backend Server)
- using refresh token to get new access token react and node js
- Generating JWT token with JwtUtil class in Spring Boot resulting in NullPointerException
- How to access Token data from controller method?
- Get JWT claims directly from the token, ASP Net Core 2.1
- Spring Boot - Two Authentication Methods for some paths
- JWT authentication in a Next.js API with the Edge Runtime. JWTClaimValidationFailed: "nbf" claim timestamp check failed
- ASP.NET Core Google Auth with JWT - InvalidOperationException when using SignInAsync
- ECDSA-signed JWT validation failures between .NET and PHP
- The audience is invalid error