I have a Jakarta EE web application running on WildFly and secured by Keycloak. For this purpose I use the default WildFly OIDC support from Elytron to protect my application. All works fine so far. I can access my application via the browser and I am redirected to the Keycloak server for login. After that I can access all my resources in my web application.
My question is the following: How can I do the same in a backend Java service? I need to poll data from a backend service out from my application via the REST API.
I figured out that I can get an access token with the following curl example:
curl -d 'client_id=my-clientid' -d 'username=anna' -d 'password=123' \
-d 'grant_type=password' -d 'client_secret=MY-SECRET' \
''
My assumption was that I only need to add the Bearer token to the header of a new request:
curl -X GET "/" \
-H "Authorization: Bearer eyJhbGciOiJ.................."
But this second request against my Jakarta EE web application did not work. I am redirected (302) again to the Keycloak login page.
What is the correct way to access a Jakarta EE web app with a Keycloak token?
I guess this is a typical OpenID Connect workflow?