Using Roles() results 403 Forbidden resource
Using token validation method: ONLINE - @Roles({ roles: ['basic'] }) returns 403 Forbidden for currently authenticated user with basic, although the role is assigned to realm and client.
{
  "exp": 1628960884,
  "iat": 1628960584,
  "auth_time": 1628960583,
  "jti": "365e237e-fcd0-441a-xxx-xxxxxxxxx",
  "iss": "http://localhost:8080/auth/realms/xxxxx",
  "sub": "33f9166d-4f4a-454f-9528-xxxxxxxxxxxx",
  "typ": "Bearer",
  "azp": "xyz-client",
  "session_state": "76f16231-xx-485c-b67f-xxxxx",
  "acr": "1",
  "allowed-origins": [
    "http://localhost:3000"
  ],
  "realm_access": {
    "roles": [
      "basic"
    ]
  },
  "resource_access": {
    "xyz-client": {
      "roles": [
        "basic",
        "pro"
      ]
    }
  },
  "scope": "profile email",
  "sid": "76f16231-xxx-xxxx-b67f-xxxxxxx",
  "email_verified": true,
  "name": "John Doe",
  "preferred_username": "john",
  "given_name": "John",
  "family_name": "Doe",
  "email": "john.doe@example.com"
}
Issue Analytics
- State:
- Created 2 years ago
- Comments:10 (6 by maintainers)
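An added diagnostic (not part of the issue and not nest-keycloak-connect's own code) that shows which claim of the token above a role name given to @Roles would be looked up in. It assumes the guard resolves names the way keycloak-connect's Token.hasRole does, and that the adapter's configured client id, which the issue does not show, is passed in as configuredClientId; api-backend is a hypothetical client id.

```javascript
// Added diagnostic, not code from nest-keycloak-connect.
// Role-bearing claims copied from the token posted in the issue.
const claims = {
  azp: 'xyz-client',
  realm_access: { roles: ['basic'] },
  resource_access: { 'xyz-client': { roles: ['basic', 'pro'] } },
};

// Map a role name to the claim path it is checked against.
// Assumed convention (keycloak-connect's Token.hasRole):
//   "name"        -> resource_access[configuredClientId].roles
//   "realm:name"  -> realm_access.roles
//   "client:name" -> resource_access[client].roles
function explainRole(claims, configuredClientId, spec) {
  const parts = spec.split(':');
  let path, roles, role;
  if (parts.length === 1) {
    role = parts[0];
    path = `resource_access.${configuredClientId}.roles`;
    roles = claims.resource_access?.[configuredClientId]?.roles;
  } else if (parts[0] === 'realm') {
    role = parts[1];
    path = 'realm_access.roles';
    roles = claims.realm_access?.roles;
  } else {
    role = parts[1];
    path = `resource_access.${parts[0]}.roles`;
    roles = claims.resource_access?.[parts[0]]?.roles;
  }
  // A missing client entry or roles array counts as "not granted".
  return { spec, path, granted: Array.isArray(roles) && roles.includes(role) };
}

// 'api-backend' is a hypothetical client id for a resource server that is
// registered separately from the client named in `azp`.
for (const clientId of ['xyz-client', 'api-backend']) {
  for (const spec of ['basic', 'realm:basic', 'xyz-client:pro']) {
    console.log(clientId, explainRole(claims, clientId, spec));
  }
}
```

Under that convention a bare role name only matches when the adapter's configured client id has its own entry in resource_access, so comparing that id with the token's claims is a quick first check when a role the user holds is rejected.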
Top GitHub Comments
I’ll take a look into this.
The realm setup is too long; it’s inside the example folder of this repository. You should find out more in Keycloak’s AuthZ documentation: https://www.keycloak.org/docs/latest/authorization_services/index.html