How can authorized API resources be utilized with a public client in Keycloak?

edit

Authorized API resources can be utilized with a public client in Keycloak using the following steps:

1. Create a public client in Keycloak by navigating to Clients in the Keycloak admin console, clicking on the Create button, and selecting the Public radio button.

2. Ensure that the client has the appropriate protocol mapper(s) to obtain an access token. This can be done by navigating to the client's settings and then the Mappers tab. Add the mapper "Audience" to the client, which will include the API resources to which the client is authorized.

3. Set up the API resources that the client is authorized to access by adding them to the relevant realm or client. This can be done by navigating to the desired realm or client and then adding the appropriate resources under the Resources tab.

4. Obtain an access token for the public client by sending a client_credentials grant request to the Keycloak token endpoint. Use the client's credentials to authenticate the request.

5. Include the access token in requests to the API resources that the client is authorized to access by adding it to the Authorization header in the format "Bearer {access_token}". The API resources can then use the token to verify the authorization of the client and grant access to the requested resource.