Closed Coding-Crashkurse closed 2 years ago
Hello @Data-Mastery, at a first glance I would say this happens because your configuration is not correct. Seems like your configured admin user does not have sufficient rights on the realm.
Did you use our provided example configuration? Or did you setup things yourself?
Thanks for the quick response. I used the provided example configuration here: https://fastapi-keycloak.code-specialist.com/downloads/realm-export.json. I used the setup from here: https://fastapi-keycloak.code-specialist.com/quick_start/
Well, that should obviously not happen then. I will look into it, to fix the provided example. However, we might want to fix your issue anyway, since I'm not sure how fast I can tackle this.
Could you check if the admin-cli
service account has all realm-related roles? If you use the Keycloak web interface, you should find this at: Clients > admin-cli > Service Account Roles > Client Roles > Realm Management
. If not done yet, add all the roles to the service account. If this does not fix your issue, its probably the permissions are given but somehow do not end up as claims in your access token signed for the service account
Ok, that solved the issue, thank you very much. I ran into a follow up error, which gave me the following hint:
AssertionError: The access required was not contained in the access token for the `admin-cli`.
Possibly a Keycloak misconfiguration. Check if the admin-cli client has `Full Scope Allowed`
and that the `Service Account Roles` contain all roles from `account` and `realm_management`
=> very good, easy to solve
As a user of your library I would expect something similar also for the first error :-).
Glad we could solve it. We'll try to improve the error message as well
I opened a PR in which I updated these required modifications to realm-export.json
. Hopefully that helps; for me it does.
Closed with #38
Hello!
really good project, i love keycloak and fastapi :-). Unfortunately I am not able to get it running and I guess this is due to a bug:
The error happens, when I the token is decoded:
I my token I don´t have "resource_access, which leads to "None" and to a follow up error:
AttributeError: 'NoneType' object has no attribute 'get'
traceback:
Is there something I did wrong or is this an error in the lib?