I'm trying to setup fine grain permissions on keycloak programatically with node and keycloak-admin-client. However any attempts give me a 409 response with "unknown_error".
Here's how i'm approaching it:
// By this point i've enabled fine grain permissions on the clients, therefore the permissions exist on realm-management
const realmManagementPermissions = await kc.clients.findPermissions({ id: realmManagementClient.id, realm })
for (const p in realmManagementPermissions) {
// I want map-roles for all clients, so i filter like this:
if (realmManagementPermissions[p].name.startsWith("map-roles.permission")) {
// Now i just add the policy to the permissions
await kc.clients.updatePermission({ id: realmManagementClient.id, permissionId: realmManagementPermissions[p].id, type: "scope", realm }, {
policies: [adminPolicy.id]
})
}
}
Looking at the request and comparing to the one created by the equivalent in keycloak's front-end, i'm sure it has the correct route, and the correct ids for the client policy and permission. Yet i get 409 every time, and i'm really not sure why.