Thejus32

Reputation: 371

How to get initial access token from Keycloak client registration using REST API?

I want to create a client through the REST API; for that I need to pass an initial access token (generated by client registration in Keycloak) with my request.

My question here is how can I generate that initial access token through the REST API. Can anyone help?

This is the token that I'm passing with my url:

Here is the screenshot of the response when I try to get the initial access token needed for registering a client by passing a body of parm count and expiration with login token for admin-cli in header:

Upvotes: 0

Views: 9954

Answers (2)

Thejus32

Reputation: 371

In order to get the initial access token for client registration, first we need to set the client role of admin-cli as realm-{name} and select client-create from it. Then get the admin bearer token for admin-cli and pass it along with the URL for the initial access token.

Upvotes: 0

Julian Egner

Reputation: 281

With a simple GET REST-Request, you can get a token you can use for later requests

GET "grant_type=password&client_id=admin-cli&username=$USERNAME&password=$PASSWORD" "$HOST/auth/realms/$REALM/protocol/openid-connect/token"

as bash (jq must be installed):

# Get admin bearer token (HOST, USERNAME and PASSWORD must be set beforehand)
AUTH_RESPONSE_KC_ADMIN=$(curl --silent -d "grant_type=password&client_id=admin-cli&username=$USERNAME&password=$PASSWORD" "$HOST/auth/realms/master/protocol/openid-connect/token")
if [[ $AUTH_RESPONSE_KC_ADMIN != *"access_token"* ]]; then
  echo "No access token for keycloak admin!"
  echo "$AUTH_RESPONSE_KC_ADMIN"
  exit 1
fi
# Extract the token and build the Authorization header used by later requests
TOKEN_KC_ADMIN=$(echo "$AUTH_RESPONSE_KC_ADMIN" | jq -r '.access_token')
AUTH_TOKEN_KC_ADMIN="Authorization: Bearer $TOKEN_KC_ADMIN"

But this access token is only valid for some time (depending on Keycloak settings).

To create a client with REST:

# Use: create_client clientName (SECRET, HOST and REALM must be set beforehand)
CONTENT_TYPE="Content-Type: application/json"
function create_client {
  CLIENT='{"enabled":true,"attributes":{},"redirectUris":["*"],"clientId":"'$1'","protocol":"openid-connect", "secret":"'$SECRET'","clientAuthenticatorType":"client-secret","publicClient":"false"}'
  # Print only the HTTP status line of the response
  curl -i --silent -d "$CLIENT" -H "$AUTH_TOKEN_KC_ADMIN" -H "$CONTENT_TYPE" "$HOST/auth/admin/realms/$REALM/clients" | head -1
}

Upvotes: 3
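
The flow from both answers as one script, added here as an example (not code from either answer): it takes the admin bearer token from Julian Egner's answer, exchanges it for an initial access token as described in the first answer, and registers a client with one explicit redirect URI. The variable names KC_BASE, ADMIN_REALM, ADMIN_USER and ADMIN_PASS and the sample values are assumptions; the two endpoints are Keycloak's Admin REST `clients-initial-access` and the client registration service's `clients-registrations/default`.

```shell
# Added example. Assumed to be set by the caller: KC_BASE (including the /auth
# prefix used on this page), ADMIN_REALM, REALM, ADMIN_USER, ADMIN_PASS.
# Requires curl and jq.

# Step 1: admin bearer token for admin-cli via the password grant.
admin_token() {
  curl --silent --fail \
    --data-urlencode "grant_type=password" \
    --data-urlencode "client_id=admin-cli" \
    --data-urlencode "username=$ADMIN_USER" \
    --data-urlencode "password=$ADMIN_PASS" \
    "$KC_BASE/realms/$ADMIN_REALM/protocol/openid-connect/token" |
    jq -er '.access_token'
}

# Body for the initial-access request: how many clients the token may register
# ($1) and its lifetime in seconds ($2). Keep both as small as the job allows.
iat_body() {
  jq -cn --argjson count "$1" --argjson exp "$2" \
    '{count: $count, expiration: $exp}'
}

# Step 2: exchange the admin bearer token ($1) for an initial access token.
# The admin user needs the client-creation role described in the first answer.
# Defaults (assumed): one registration, valid for 300 seconds.
initial_access_token() {
  curl --silent --fail \
    -H "Authorization: Bearer $1" -H "Content-Type: application/json" \
    -d "$(iat_body "${2:-1}" "${3:-300}")" \
    "$KC_BASE/admin/realms/$REALM/clients-initial-access" |
    jq -er '.token'
}

# Step 3: register client $2 with redirect URI $3, authenticating with the
# initial access token ($1) only; no admin credential is sent here.
register_client() {
  curl --silent --fail \
    -H "Authorization: Bearer $1" -H "Content-Type: application/json" \
    -d "$(jq -cn --arg id "$2" --arg uri "$3" '{clientId: $id,
      protocol: "openid-connect", publicClient: false, redirectUris: [$uri]}')" \
    "$KC_BASE/realms/$REALM/clients-registrations/default"
}

# Usage (values are constructed):
#   admin=$(admin_token)
#   iat=$(initial_access_token "$admin" 1 300)
#   register_client "$iat" my-app "https://app.example.test/callback"
```

`jq -e` makes each step fail with a non-zero exit status when the expected field is missing, so an error response is not passed on as a token.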
