I created a confidential OIDC client test-uma-rs for a resource server with "Authorization Enabled".
Now, following https://www.keycloak.org/docs/latest/authorization_services/#_service_protection_whatis_obtain_pat, I get a PAT using the client credentials grant with the client's id and secret with the following claims:
I can register a resource using this PAT:
However, if, following https://www.keycloak.org/docs/latest/authorization_services/#creating-permission-ticket, I try to request a permission ticket for the registered resource using the same PAT (which is not expired),
the request fails with