How to get roles from custom client in keycloak?

Question

To get roles in a custom client I know I need to do two APIs. One is to get an access token and one is to get the roles. My doubt is, should I get accessToken by sending admin-CLI details in headers or because I want roles of the custom client I have created? Because, im getting unknown_error when trying to fetch roles.

To get accessToken:

curl -X POST \
  http://localhost:8080/auth/realms/test-keycloak-example/protocol/openid-connect/token \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials&client_id=test-keycloak-example&client_secret=shhh'

To get roles:

curl -X GET \
  http://localhost:8080/auth/admin/realms/test-keycloak-example/clients/cb11fd17-46df-419a-9c67-4a69d1be66ae/roles \
  -H 'authorization: Bearer <token received from previous call> \
  -H 'cache-control: no-cache' \
  -H 'postman-token: 248fef6b-9c24-3aa3-91ae-a6f11e01e55c'

The response is:

{
   "error": "unknown_error"
}

Answer 1

Using Postman and three conditions should support it. #1 "test-user" needs a "view-clients" role. It comes from "realm-management" client.

#2 Using "admin-cli" client and Change Access Type with "confidential" and turn on "Authorization Enabled" is "ON"

#3 using "admin-cli"'s secret for Postman token call.

#4 get token with #3's secret and #1 user's credential(username and password)

• the token "expires_in" is very short, you need to makes a longer by UI. it is admin-cli's advanced settings(for just testing purpose)

#5 you needs to save a token for calling client/role API

• it is same #4's API on Tests Tab of Postman.

#6 Call list client/role API with #5's token.

#7 find "custom-client" id from #6

#8 call custom role API using #7 id. it should be match with UI's roles.

Good Luck!