Keycloak Authentication
The Keycloak well-known configuration endpoint lists OpenID Connect endpoints:
/realms/{realm-name}/.well-known/openid-configuration
Depending on the configuration of the web service, access can be granted using Bearer tokens and, optionally, Basic Auth.
The token should be obtained from a designated issuer.
There are a few OAuth 2.0 flows available. Use the one that is most appropriate for your application.
Open the following URL in a web browser, log in and get the code:
<authorization-endpoint>?client_id=<client-id>&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=openid
Change the value of redirect_uri to have an actual redirect instead of getting the code in the body.
Exchange the code for a token (authorization code grant):
curl --location --request POST '<token-endpoint>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'code=<code>' \
--data-urlencode 'redirect_uri=urn:ietf:wg:oauth:2.0:oob'
Resource Owner Password Credentials grant:
curl --location --request POST '<token-endpoint>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'username=<user>' \
--data-urlencode 'password=<pass>' \
--data-urlencode 'scope=openid'
Client Credentials grant:
curl --location --request POST '<token-endpoint>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'client_secret=<client-secret>'
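The token requests above send credentials to the token endpoint taken from the discovery document. The following added example (not from the original page or the project it describes) checks that document against the designated issuer before building the client_credentials request. The host keycloak.example.com, the realm demo, the function names and the HTTPS/same-host policy are assumptions.

```python
import json
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Constructed sample values (assumed host and realm), not taken from the page.
DESIGNATED_ISSUER = "https://keycloak.example.com/realms/demo"
SAMPLE_DISCOVERY = json.dumps({
    "issuer": DESIGNATED_ISSUER,
    "authorization_endpoint": DESIGNATED_ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": DESIGNATED_ISSUER + "/protocol/openid-connect/token",
})


def checked_token_endpoint(discovery_json: str, designated_issuer: str) -> str:
    """Return token_endpoint only if the document belongs to the designated issuer."""
    doc = json.loads(discovery_json)
    issuer = doc.get("issuer", "")
    # OIDC Discovery: the issuer in the document must be identical to the
    # issuer URL that prefixes /.well-known/openid-configuration.
    if issuer != designated_issuer:
        raise ValueError(f"unexpected issuer: {issuer!r}")
    endpoint = urlsplit(doc.get("token_endpoint", ""))
    # Added policy (an assumption, stricter than the spec): credentials are
    # sent only over HTTPS and only to the same host as the issuer.
    if endpoint.scheme != "https" or endpoint.netloc != urlsplit(issuer).netloc:
        raise ValueError(f"refusing token endpoint: {endpoint.geturl()!r}")
    return endpoint.geturl()


def client_credentials_request(discovery_json, designated_issuer,
                               client_id, client_secret) -> Request:
    """Build, without sending, the client_credentials request shown with curl."""
    url = checked_token_endpoint(discovery_json, designated_issuer)
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return Request(url, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    req = client_credentials_request(SAMPLE_DISCOVERY, DESIGNATED_ISSUER,
                                     "my-client", "placeholder-secret")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Passing the returned Request to urllib.request.urlopen sends it; the same check applies before the password and authorization code grants.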
Pass the token in the Authorization header, with the Bearer method:
Authorization: Bearer <token>
Pass the base64-encoded credentials as part of the requests in the Authorization header, with the Basic method:
Authorization: Basic <base64(<user>:<pass>)>
The service uses the OAuth 2.0 Resource Owner Password Credentials Grant to contact the Identity Provider and exchange the credentials for an id_token and a refresh_token.
TBA