Based on the NodeJS Admin Client and v19.0.1 of KeyCloak,
This is the current configuration, which works. I’ll also note that in order to get this to work, I had to add the role admin to the admin-cli client.
export const kcAdminClient = new KcAdminClient({
realmName: "master",
baseUrl: "http://server:8080/auth"
});
export const performKeycloakAuth = async () => {
try {
const credentials: Credentials = {
grantType: "client_credentials",
clientId: "admin-cli",
clientSecret: "sec",
};
await kcAdminClient.auth(credentials);
setInterval(() => kcAdminClient.auth(credentials), 58 * 1000);
} catch (error) {
throw error;
}
};
Although that configuration works (except for the interval re-auth), I want to restrict the client access so it can only do things for realm XYZ instead of all realms. Is this possible on the current version, or is there something missing? I tried creating a client called my-client in realm XYZ and granting the client the admin role, but I kept getting unknown_error as a response when making requests. And the docker logs aren’t showing the API calls.
The error with re-authentication using the admin-cli client is with the following code:
setInterval(() => kcAdminClient.auth(credentials), 58 * 1000);
When this code runs, you get the following error 'Public client not allowed to retrieve service account even though the admin-cli client is not declared as public.