Reputation: 697
How do I create clients programmatically in Keycloak using a Java application?
Upvotes: 8
Views: 14407
Reputation: 11
You can accomplish this via the client-credentials grant type. For this, your client needs to be configured as follows:
Turn ON the Service Accounts Enabled option under the Settings tab of your client.
Assign necessary realm-management client roles to your client. For this, switch to Service Admin Roles tab, select realm-management from the dropdown, and assign manage-clients role under Client Roles.
Then, you should be able to use this client to create another client in the same realm. Please refer to the sample curl commands below.
Retrieve a token:
curl --location '<Keycloak URL>/auth/realms/<realm>/protocol/openid-connect/token' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <Base64 encode(client ID:client secret)>' \
--data 'grant_type=client_credentials&scope=openid'
Create the client:
curl --location '<Keycloak URL>/auth/admin/realms/<realm>/clients' \
--header 'Authorization: Bearer <token retrieved above>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{<export of your existing client>}'
Upvotes: 1
Reputation: 71
# get token (password grant against the master realm with the admin-cli client)
RESULT=$(curl --data "username=<your_admin_user>&password=<your_password>&grant_type=password&client_id=admin-cli" http://localhost:8090/auth/realms/master/protocol/openid-connect/token)
# extract the access_token value from the JSON response
TOKEN=$(echo "$RESULT" | sed 's/.*access_token":"//g' | sed 's/".*//g')
# create client
curl -X POST -d '{ "clientId": "myclient" }' -H "Content-Type:application/json" -H "Authorization: bearer ${TOKEN}" http://localhost:8090/auth/realms/master/clients-registrations/default
Upvotes: 2
Reputation: 5233
One way to do it is via the API:
Get a token for an account with the rights to add a client to the realm
POST https://<keycloak-url>/auth/realms/master/protocol/openid-connect/token
Host: <keycloak-url>
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

client_id=admin-cli&grant_type=password&username=<user>&password=<password>
Add a new client (the request body comes from an export of an existing client)
POST https://<keycloak-url>/auth/admin/realms/<realm-name>/clients
Host: <keycloak-url>
Content-Type: application/json
Cache-Control: no-cache
Authorization: Bearer <token>

{
  "clientId": "test-add",
  "[...]"
}
The response status should be a 201 with a Location header pointing to the new client.
Documentation can be found here: https://www.keycloak.org/docs-api/14.0/rest-api/index.html#_clients_resource
Upvotes: 9
Reputation: 1299
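I did it like this:
import java.io.IOException;
import javax.ws.rs.core.Response; // jakarta.ws.rs.core.Response with newer admin-client versions
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.ClientRepresentation;

public boolean createClient(String clientId, String realmName) throws IOException {
    try {
        Keycloak keycloakInstanceDefault = KeycloakInstance.getInstance();
        RealmResource createdRealmResource = keycloakInstanceDefault.realms().realm(realmName);
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId(clientId);
        clientRepresentation.setProtocol("openid-connect");
        // Note: the client secret is set to the same value as the client ID.
        clientRepresentation.setSecret(clientId);
        // create() returns the HTTP response; only 201 Created means the client was added.
        Response response = createdRealmResource.clients().create(clientRepresentation);
        try {
            return response.getStatus() == 201;
        } finally {
            response.close();
        }
    } catch (IOException e) {
        e.printStackTrace();
        return false;
    }
}
KeycloakInstance.getInstance(); returns a Keycloak object.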
Upvotes: 2
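The service-account setup from the first answer (client-credentials grant with the manage-clients role) combined with the Java admin client used in the last answer, as an added example that is not code from any of the posters: it authenticates without an admin password, leaves the new client's secret to the server, and fails on any status other than 201. The class name, the environment variable names, the client ID "myclient" and the redirect URI are assumptions for illustration.

```java
import java.util.List;
import javax.ws.rs.core.Response; // jakarta.ws.rs.core.Response with newer admin-client versions
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.CreatedResponseUtil;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.representations.idm.ClientRepresentation;

public class ClientProvisioner { // hypothetical class name

    /** Creates a confidential client and returns its internal id (not the clientId). */
    static String createClient(Keycloak kc, String realm, String clientId, String redirectUri) {
        ClientRepresentation rep = new ClientRepresentation();
        rep.setClientId(clientId);
        rep.setProtocol("openid-connect");
        rep.setPublicClient(false);                 // confidential client
        rep.setDirectAccessGrantsEnabled(false);    // no password grant for the new client
        rep.setRedirectUris(List.of(redirectUri));  // one exact URI, no wildcard
        // No setSecret() call: the server generates the secret for a confidential client.
        ClientsResource clients = kc.realm(realm).clients();
        Response response = clients.create(rep);
        try {
            // Throws WebApplicationException unless the status is 201 Created
            // (for example 409 when the clientId already exists).
            return CreatedResponseUtil.getCreatedId(response);
        } finally {
            response.close();
        }
    }

    public static void main(String[] args) {
        // Assumed environment variables; KC_URL is the server base URL used in the answers above.
        String realm = System.getenv("KC_REALM");
        Keycloak kc = KeycloakBuilder.builder()
                .serverUrl(System.getenv("KC_URL"))
                .realm(realm)
                .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                .clientId(System.getenv("KC_PROVISIONER_ID"))         // client with manage-clients
                .clientSecret(System.getenv("KC_PROVISIONER_SECRET"))
                .build();
        try {
            String id = createClient(kc, realm, "myclient", "https://app.example.test/callback");
            String secret = kc.realm(realm).clients().get(id).getSecret().getValue();
            System.out.println("created " + id + ", secret generated: " + (secret != null));
        } finally {
            kc.close();
        }
    }
}
```

The generated secret is read back but not printed; pass it to whatever secret store the new application reads from.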