Dynamic Client Registration

viruls · October 3, 2021, 9:01am

Hi There,

I am trying to authenticate users using grant_type=password for a client and also I assigned the create client, manage client in the service account roles section but still I am not able to create/register a new client. Please advise.

Thanks,
Narendra

xgp · October 3, 2021, 10:55am

Do you have view-client, create-client and manage-client roles granted?

viruls · October 3, 2021, 5:36pm

yes, All 3 were assigned.

xgp · October 3, 2021, 7:21pm

Are you creating the client using the admin API, or are you trying to use the OIDC Dynamic Client Registration endpoint? If the latter, you have to create an initial access token. Go to “Realm settings”->”Client Registration” to do that.

viruls · October 3, 2021, 7:45pm

Using oidc protocol and Out of the three methods we have , would like to prefer the user bearer token instead of the other two authentication methods.

viruls · October 3, 2021, 9:04pm

Please also see the above for more test cases I tried

xgp · October 4, 2021, 10:39am

I see. Thanks for the additional context. I didn’t understand you were doing a token exchange from a user to a service account. Does the service account for AppAdmin have the right roles specified in “Service Account Roles” also? That’s usually the problem that yields the insufficient_scope error.

viruls · October 4, 2021, 10:51am

Yes , the AppAdmin client (Service account) was assigned with the below 4 roles,
create client
manage client
query client
view client

Topic		Replies	Views
Dynamic Client registration with Token Exchange	6	1196	October 3, 2021
How to setup Dynamic Client Registration [insufficient_scope] Configuring the server oidc	5	5540	January 30, 2023
Creating user via Admin REST API using other oauth2 client than "admin-cli" Getting advice	3	852	July 4, 2021
Create a oauth client using rest api Getting advice	5	3735	March 31, 2020
Create users from rest API Securing applications	8	3285	May 20, 2023

Dynamic Client Registration

Related topics