ilhan
Reputation: 8995
Obtaining JWT of a user in Keycloak
As admin of a Keycloak server, how can I obtain access-token of a particular user without knowing his password? Unfortunately impersonation doesn't help me because it does not contain neither his id nor his username.
Upvotes: 1
Views: 696
Answers (1)
Aritz
Reputation: 31679
There's a feature starting from keycloak 3.4.0 called token exchange wich allows you to exchange an access token from a user with impersonation permission to get other token on behalf of the other user. You can use the token endpoint this way:
curl -X POST \
-d "client_id=starting-client" \
-d "client_secret=geheim" \
--data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
-d "subject_token=...." \
--data-urlencode "requested_token_type=urn:ietf:params:oauth:token-type:access_token" \
-d "audience=target-client" \
-d "requested_subject=wburke" \
http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token
You might find this post useful too.
Upvotes: 4
Related Questions
- Generate JWT Token in Keycloak and get public key to verify the JWT token on a third party platform
- Keycloak - Retrieve JWT token via OIDC Endpoint
- Validate the user session via Keycloak by username
- Keycloak: Obtain JWT Using Newly Created Client and User
- In Keycloak, can you use a JWT to get a caller's identity?
- How to verify JWT signed by keycloak using java
- How to generate jwt token through keycloak rest api?
- Determine from JWT generated by Keycloak if a user is authorized to access specific resource
- how to fetch JWT tokens from keycloak API in a springboot application
- Keycloak: Authenticate user with a custom JWT