keycloak-scim/authorization_services/topics/hello-world-create-resource-server.adoc

[[_getting_started_hello_world_enabling_authz_services]]
= Enabling authorization services

You can enable authorization services in an existing client application configured to use the OpenID Connect Protocol. You can also create a client using the following procedure.

.Procedure

. Click *Clients* in the menu.

ifeval::[{project_community}==true]
. Fill in the *Client type*.
endif::[]
ifeval::[{project_product}==true]
. Fill in the *Client ID*, *Client Protocol*, and *Root URL* fields.
endif::[]

ifeval::[{project_community}==true]
. Click *Next*.
. Toggle *Client authentication* to *ON*.
. Toggle *Authorization* to *ON*.
. Click *Save*.
. Scroll down to the *Capability config* section.
. Fill in the *Root URL* field.
. Click *Save*.
endif::[]

+
.Create client application
image:{project_images}/getting-started/hello-world/create-client.png[alt="Create client application"]

ifeval::[{project_product}==true]
. Click *Save*.
+
The Client Settings page is displayed.
. Select *confidential* in the *Access Type* field and toggle *Authorization Enabled* to *ON*
. Click *Save*.
endif::[]
+
A new *Authorization* tab is displayed for the client.
+
.Client Settings
image:{project_images}/getting-started/hello-world/enable-authz.png[alt="Client Settings"]

. Click the *Authorization* tab.
+
An Authorization Settings page similar to the following is displayed:
+
.Authorization settings
image:{project_images}/getting-started/hello-world/authz-settings.png[alt="Authorization settings"]

When you enable authorization services for a client application, {project_name} automatically creates several default settings for your client authorization configuration.

[role="_additional-resources"]
.Additional resources
* <<_resource_server_enable_authorization, Enabling authorization services>>
* <<_resource_server_default_config, Default configuration>>