Keycloak returns Unauthorized 401

1

6

I'm running Bitnami's Keycloak image on my local machine. What I want to do is use the Keycloak REST APIs, but no matter how hard I try, I'm getting 401.

I have done what's written in the doc. This is a screenshot of the client: access type is confidential, and a service account is enabled. This is the testapi client that I created.

Here you can see the service account roles; to view and manage users, I assigned the manage-users and view-user roles.

Firstly, to get the access_token, I'm using client_id and client_credential. As you can see from here, I have no problem getting the access token.

But when I try to get the user list or create a new user, I always get 401. Here you can see that I used the SAME access_token that I got from http://localhost:8092/auth/realms/test/protocol/openid-connect/token


It doesn't make sense. I started to think about smashing the computer.

Any help would be greatly appreciated.

Expansive answered 2/3, 2022 at 19:54 Comment(1)
Have you resolved it? - Ism
1

For anyone having the exact same issue and ending up on this page, here is the solution:

  1. Keep all your Keycloak settings at default. No matter whether you are using bitnami/keycloak or keycloak/keycloak, there is absolutely nothing you have to change in the admin console.

  2. Call this endpoint with the GET method: ⬇️

    curl -X GET http://keycloak:8080/realms/master/.well-known/openid-configuration
    

    Make sure the issuer endpoint is correct.

  3. Request the token via this command: ⬇️

    access_token=`curl -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=admin-cli" -d "username=user" -d "password=bitnami" -d "grant_type=password" -d "scope=openid" "http://keycloak:8080/realms/master/protocol/openid-connect/token" | jq -r .access_token`
    

    Make sure you didn't forget the scope=openid.

  4. Validate this token by calling userinfo within 60 seconds: ⬇️

    curl -H "Authorization: bearer ${access_token}" -H "Content-Type: application/x-www-form-urlencoded" -d "scope=openid" "http://keycloak:8080/realms/master/protocol/openid-connect/userinfo"
    

    Make sure you didn't forget the scope=openid too.

Breakdown answered 10/8, 2023 at 9:46 Comment(0)
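
The three things the answer above says to check (the issuer, using the token promptly, and `scope=openid`) can be read straight out of the access token. The following is an added example, not code from either poster or from Keycloak: it decodes the token payload without verifying the signature, for diagnostics only, and the sample token, URLs and timestamps in it are constructed.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Return the payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def diagnose(token, discovery_issuer, now=None):
    """Compare the token against the issuer from .well-known/openid-configuration."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    findings = []
    if claims.get("iss") != discovery_issuer:
        findings.append(
            f"issuer mismatch: token={claims.get('iss')!r} discovery={discovery_issuer!r}")
    if "exp" not in claims or now >= claims["exp"]:
        findings.append("token expired or has no exp claim")
    if "openid" not in str(claims.get("scope", "")).split():
        findings.append("scope claim does not contain 'openid'")
    return findings


def make_sample_token(claims):
    # Constructed, unsigned sample so the example runs offline; not a real Keycloak token.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    token = make_sample_token({
        "iss": "http://localhost:8092/auth/realms/test",  # constructed value
        "exp": 1_700_000_060,
        "scope": "profile email",
    })
    for finding in diagnose(token, "http://keycloak:8080/realms/test", now=1_700_000_030):
        print(finding)
```

With a real token, pass the value of `$access_token` and the `issuer` field returned by the discovery endpoint from step 2; an empty result means none of the three checks failed.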
