ilhan
ilhan

Reputation: 8995

Obtaining JWT of a user in Keycloak

As admin of a Keycloak server, how can I obtain access-token of a particular user without knowing his password? Unfortunately impersonation doesn't help me because it does not contain neither his id nor his username.

Upvotes: 1

Views: 696

Answers (1)

Aritz
Aritz

Reputation: 31679

There's a feature starting from keycloak 3.4.0 called token exchange wich allows you to exchange an access token from a user with impersonation permission to get other token on behalf of the other user. You can use the token endpoint this way:

curl -X POST \
    -d "client_id=starting-client" \
    -d "client_secret=geheim" \
    --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
    -d "subject_token=...." \
    --data-urlencode "requested_token_type=urn:ietf:params:oauth:token-type:access_token" \
    -d "audience=target-client" \
    -d "requested_subject=wburke" \
    http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token

You might find this post useful too.

Upvotes: 4

Related Questions