3

Does keycloak support 'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer'?

In my tests I receive status: 400 and msg {'error': 'unsupported_grant_type', 'error_description': 'Unsupported grant_type'}. Also in documentation, I was not able to find any information about this type of grant type.

Thanks

mgumienia
  • 31
  • 2
  • https://stackoverflow.com/questions/29360349/getting-error-unsupported-grant-type-when-trying-to-get-a-jwt-by-calling-an , try to check this one – vicky9988 May 20 '22 at 11:58
  • Check out the comments in this thread to determine wheter you really need the bearer token: https://stackoverflow.com/questions/58911507/keycloak-bearer-only-clients-why-do-they-exist – gna May 20 '22 at 12:02
  • Unfortunately adding to headers {"content-type": "application/x-www-form-urlencoded"} didn't help – mgumienia May 20 '22 at 12:22

1 Answers1

0

Looks like this is what you are looking for - https://www.keycloak.org/docs/latest/securing_apps/#client-authentication-with-signed-jwt

I have not tried it myself yet, but accordingly to the specification "grant_type" has to be "authorization_code", but "client_assertion_type" is "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".

Ackman
  • 1,562
  • 6
  • 31
  • 54
Pavlo Lozovskiy
  • 1
  • 1
  • This doesn't answer the question. The question is refering to section 2.1 of RFC7523 https://datatracker.ietf.org/doc/html/rfc7523#section-2.1 and your answer is refering to section 2.2 This seems similar but is a completly different thing. The first is authenticating the subject the second is authenticating the client. – Gandalf May 14 '23 at 22:05