Keycloak / KEYCLOAK-7325

Unexpected Server Error when calling resource_set endpoint (ProtectionService.java)


    Details

    • Sprint:
      Keycloak Sprint 6
    • Story Points:
      1
    • Steps to Reproduce:
      • Start Keycloak on a local machine (debug-mode preferred)
      • Create some resources in a specified realm and client
      • Call GET /auth/realms/$realmName/authz/protection/resource_set Endpoint
      • Authorization Header including Bearer Token is required
      • HTTP 500 should be returned
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      When calling the "/auth/realms/$realmName/authz/protection/resource_set" endpoint, Keycloak returns an HTTP 500 Server Error. Debugging showed that the retrieval of the corresponding ClientModel in ProtectionService.java returned null, because identity.getId() returns a User-ID and not the related Client-ID.

      org.keycloak.authorization.protection.ProtectionService.resource() (line 60, master-branch)

      This endpoint is requested by a user's access-token.

      Current Code (master-branch), fails:
      ClientModel client = realm.getClientById(identity.getId());
      --> client = null
      --> identity.getId() = user-ID of the user requesting the Endpoint

      Based on the documentation, this endpoint should return an array of resources, which it only does if the corresponding ClientModel object is not null, since the resources are related to a certain client.
      https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_protection_resources_api

              People

              • Assignee:
                pcraveiro Pedro Igor
                Reporter:
                tea_mo Timo Knapp
              • Votes:
                0
                Watchers:
                2
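
An added sketch of the failure mode reported in this issue (not Keycloak code and not the project's fix): a lookup keyed by client id receives a user id, returns null, and the unchecked dereference surfaces as HTTP 500, while a guarded lookup answers with a client error instead. The Client and Result types, the sample ids and the choice of 403 are assumptions made for the illustration.

```java
import java.util.List;
import java.util.Map;

// Added illustration; all types are simplified stand-ins, not Keycloak classes.
public class ResourceSetLookup {
    record Client(String id, List<String> resources) {}
    record Result(int status, List<String> body) {}

    // Constructed sample data: one client keyed by its internal id.
    static final Map<String, Client> CLIENTS_BY_ID =
        Map.of("client-1111", new Client("client-1111", List.of("res-a", "res-b")));

    // Mirrors the reported line: whatever id the identity carries is used as a client id.
    static Result unguarded(String identityId) {
        try {
            Client client = CLIENTS_BY_ID.get(identityId);   // null when given a user id
            return new Result(200, client.resources());      // NullPointerException on null
        } catch (RuntimeException e) {
            return new Result(500, List.of());               // surfaces as a server error
        }
    }

    // Guarded variant: a failed lookup is treated as a caller error, not a server fault.
    static Result guarded(String identityId) {
        Client client = CLIENTS_BY_ID.get(identityId);
        if (client == null) {
            return new Result(403, List.of());               // 403 is an assumed choice
        }
        return new Result(200, client.resources());
    }

    public static void main(String[] args) {
        String userId = "user-2222";      // constructed: id carried by a user's access token
        String clientId = "client-1111";  // constructed: id of the client owning the resources
        System.out.println(unguarded(userId));
        System.out.println(guarded(userId));
        System.out.println(guarded(clientId));
    }
}
```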