I’m trying to make a request from postman to keycloack for authorization test and still getting this error:
{
"error": "invalid_request",
"error_description": "You must provide the issuedFor"
}
PostMan request parameters:
Postman bearer token header:
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
I know you’ve already picked an answer, but for the ones landing here from a web search on the Keycloak’s issuedFor problem.
The root cause of the error message shown is the typo in the parameter name “audience” (not “audiance)”. That nowadays would make Keycloak to fail fetching the client ID at https://github.com/keycloak/keycloak/blob/3631618b245fa768bff7009b9e87d01dd4387fe3/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java#L330. Just fix the spelling and you should be fine.
For the record, the “audience” parameter is required in the requests to evaluate permissions as stated in the Keycloak’s documentation for the Authorization Services: https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_obtaining_permissions.
Method 2
Ook i found the problem and resolved it. Keycloak does not give access to some type of requests when going out of the network. You must put it in https. When on your local machine, it does work but as soon as you go out of localhost to the network to reach keycloak, you must pass to https.
So what i did is, in my request url, i changed the link to keycloak from http to https and hence changed the port from 8080 to 8443 (the port for https serving). Hope it would help someone. Special thanks to @RossPresser 🙂
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0