Generate Keycloak Bearer Token Using Postman

1. Introduction

In this article, we will generate a Keycloak bearer token that we can use to authorize our requests. This token is mostly used to verify requests in the backend REST API.

  • You must have Docker installed.
  • You must have Postman installed.

Take note of this URL format: Save the values of authorization_endpoint and token_endpoint; we will use them later.

2. Setup Keycloak

Before we begin, we need to run an instance of Keycloak in Docker first.

docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 8081:8080 -d jboss/keycloak:10.0.2

Keycloak should run on port 8081.

Now, open http://localhost:8081 in your browser and you should arrive at the Keycloak admin page.

3. Create a Keycloak Realm and Client

Next, we need to create the realm and client that we will be using to generate a token.

The first time the page is served, Keycloak will ask you to save an admin user and password.

  1. Log in to Keycloak.
  2. In the left panel, hover over Master, and click Add Realm.
  3. Enter czetsuyatech.
  4. On the left panel, click Clients.
  5. On the right side, click Create.
  6. Enter auth in the client id and hit Save.
  7. On the client detail page:
       1. Set Access Type=confidential.
       2. Valid Redirect URIs=* (for debugging purposes only)
       3. Web Origins=* (for debugging purposes only)
       *Make sure to secure items 2 and 3 in production.
  8. Copy the Secret value in the Credentials tab; we will use it later.
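
The reminder to secure Valid Redirect URIs and Web Origins before production can be checked mechanically. The following is an added example, not code from the original article: a Python check over a client's JSON representation as it appears in a Keycloak realm export (fields clientId, publicClient, redirectUris, webOrigins). The sample client is constructed from the debugging values above, and app.example.com is a placeholder.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the "auth" client with the debugging values from the
# steps above, shaped like a client entry in a Keycloak realm export.
SAMPLE_CLIENT = json.loads("""
{"clientId": "auth", "publicClient": false,
 "redirectUris": ["*"], "webOrigins": ["*"]}
""")

# Hypothetical production values (app.example.com is a placeholder).
HARDENED_CLIENT = {
    "clientId": "auth",
    "publicClient": False,
    "redirectUris": ["https://app.example.com/callback"],
    "webOrigins": ["https://app.example.com"],
}

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_client(client):
    """Return a list of findings for one client representation."""
    findings = []
    # Access Type=confidential corresponds to publicClient=false.
    if client.get("publicClient", False):
        findings.append("publicClient: client is not confidential")
    for uri in client.get("redirectUris", []):
        if uri.strip() == "*":
            findings.append("redirectUris: '*' accepts any callback URL")
            continue
        parts = urlsplit(uri)
        if parts.scheme == "http" and parts.hostname not in LOCAL_HOSTS:
            findings.append(f"redirectUris: plain-http callback {uri!r}")
        if uri.endswith("*"):
            findings.append(f"redirectUris: trailing wildcard in {uri!r}")
    for origin in client.get("webOrigins", []):
        if origin.strip() == "*":
            findings.append("webOrigins: '*' allows CORS from any origin")
    return findings


if __name__ == "__main__":
    for c in (SAMPLE_CLIENT, HARDENED_CLIENT):
        print(c["clientId"], audit_client(c) or "no findings")
```

An empty list means the client passes these checks; run it over every entry in the export's clients array before promoting a realm.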

4. Create a Keycloak User

  1. On the left panel, under Manage click Users.
  2. Click Add User.
  3. In the username field, enter czetsuyatech and hit save.
  4. Open the Credentials tab, set the password to czetsuyatech, switch Temporary to OFF.
  5. Click Set Password.

5. Generate the Token

  1. In Postman, create a new request. It could be any HTTP method.
  2. Under Authorization tab, set TYPE=OAuth 2.0.
  3. On the right panel, click Get New Access Token.
       1. Callback URL=
            • Or anything since we did not set it;
            • It should match the value you will set in Keycloak;
            • Normally, this is your frontend URL where Keycloak will redirect after login.
       2. Auth URL=
       3. Access Token URL=
       4. ClientID=auth
       5. Client Secret=[Get the value from 3.8]
       6. Scope=email
  4. Click Request Token
  5. Enter the user we created in step 4, czetsuyatech/czetsuyatech.
  6. Click Submit/Login.
  7. It should automatically fill up the Access Token field with the generated token.
  8. Header prefix must be set to “Bearer ”.

Originally published at




Senior Java Developer with 15 years of professional experience | Startup enthusiast.
