cannot create user in the keycloak. Getting 403 status

Question

I am trying to access the create a user in the keycloak programmatically. But I am getting 403 as a status code. I am following the below link.

https://technology.first8

Answer 1

I faced the same issue with KeyCloak 9.0.3. What finally worked for me was:

1. Use the admin-cli client with client credentials on the target realm (where I am trying to create the user)

curl \
  -d "client_id=admin-cli\
  -d "client_secret=" \
  -d "grant_type=client_credentials" \
  "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token"

I am not sure why, but using the admin client on the master realm simply did not work for me.

2. Set up the admin-cli client in the target realm with the role as mentioned in the correct answer above.

3. In addition to adding the new role to Scope, I also had to add the role to Service Account Roles.

BTW client credentials access token is not even mentioned as an option in the Admin Rest API docs for Keycloak 9.0.3, but it does work.