tafli

Reputation: 162

Keycloak Update / Delete client after dynamic client registration

In Keycloak, dynamic client registration works fine:

curl --request POST \
  --url http://localhost:8080/auth/realms/myrealm/clients-registrations/default \
  --header 'content-type: application/json' \
  --data '{"clientId": "myclient"}'

As a response I receive the client representation, including in particular the registrationAccessToken:

{
  "id": "4c6c36d0-6a53-41d9-be37-46bd0d67ebd2",
  "clientId": "myclient",
  "surrogateAuthRequired": false,
  "enabled": true,
  "clientAuthenticatorType": "client-secret",
  "secret": "1f85aa4e-6cdc-4f6c-83ba-f3c67d4561f2",
  "registrationAccessToken": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI2YWIyYTVjZC0xNjgwLTQ5MTYtYmUzYi0wZmFmMjVmZDczMzQifQ.eyJqdGkiOiI3YjVlMjE5Ny0yZjA5LTQwNTgtYmU0ZC02MDM1M2QzMGFkNWIiLCJleHAiOjAsIm5iZiI6MCwiaWF0IjoxNTg0NTQxNTY5LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvOTQ5IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zLzk0OSIsInR5cCI6IlJlZ2lzdHJhdGlvbkFjY2Vzc1Rva2VuIiwicmVnaXN0cmF0aW9uX2F1dGgiOiJhbm9ueW1vdXMifQ.NCqZ6yJrKz9t3vs65kwM88PNvsZMmxig3vqOmc_iLyE",
  "redirectUris": [],
  "webOrigins": [],
  "notBefore": 0,
  "bearerOnly": false,
  "consentRequired": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": false,
  "serviceAccountsEnabled": false,
  "publicClient": false,
  "frontchannelLogout": false,
  "protocol": "openid-connect",
  "attributes": {},
  "authenticationFlowBindingOverrides": {},
  "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "defaultClientScopes": [
    "web-origins",
    "role_list",
    "profile",
    "roles",
    "email"
  ],
  "optionalClientScopes": [
    "address",
    "phone",
    "offline_access",
    "microprofile-jwt"
  ]
}

According to the documentation, one should be able to read, update and delete the client with the registrationAccessToken:

It will return a Client Representation that also includes the registration access token. You should save the registration access token somewhere if you want to retrieve the config, update or delete the client later.

However, when trying to read the just-created client, I receive a 401 Unauthorized when using the registrationAccessToken received from registration.

curl --request GET \
     --url http://localhost:8080/auth/realms/myrealm/clients-registrations/default/4c6c36d0-6a53-41d9-be37-46bd0d67ebd2 \
     --header 'authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI2YWIyYTVjZC0xNjgwLTQ5MTYtYmUzYi0wZmFmMjVmZDczMzQifQ.eyJqdGkiOiI3YjVlMjE5Ny0yZjA5LTQwNTgtYmU0ZC02MDM1M2QzMGFkNWIiLCJleHAiOjAsIm5iZiI6MCwiaWF0IjoxNTg0NTQxNTY5LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvOTQ5IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zLzk0OSIsInR5cCI6IlJlZ2lzdHJhdGlvbkFjY2Vzc1Rva2VuIiwicmVnaXN0cmF0aW9uX2F1dGgiOiJhbm9ueW1vdXMifQ.NCqZ6yJrKz9t3vs65kwM88PNvsZMmxig3vqOmc_iLyE'

< HTTP/1.1 401 Unauthorized
{
  "error": "invalid_token",
  "error_description": "Not authorized to view client. Not valid token or client credentials provided."
}

Any idea what I am missing?

Upvotes: 0

Views: 2268

Answers (1)

Kohei TAMURA

Reputation: 5122

Try changing from:

--url http://localhost:8080/auth/realms/myrealm/clients-registrations/default/4c6c36d0-6a53-41d9-be37-46bd0d67ebd2 \

to:

--url http://localhost:8080/auth/realms/myrealm/clients-registrations/default/myclient \

Upvotes: 1
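The full read/update/delete cycle described in the question and the answer, as an added shell example that is not code from the question, the answer or the Keycloak project. It assumes the server location and realm from the question (overridable through the hypothetical KEYCLOAK_URL and REALM variables), an opt-in RUN_DEMO=1 switch for the part that talks to a live server, and a constructed redirect URI in the update step. The per-client URL is built from the clientId, as the answer recommends, and the registration access token returned by every GET and PUT response is stored before the next call, because Keycloak issues a fresh token with each of those responses and invalidates the one just used. A small claim check confirms that what is about to be sent is a registration access token (typ "RegistrationAccessToken") rather than an ordinary bearer token, which the registration service would also reject with a 401.

```shell
#!/bin/sh
# Added example, not code from the question or the answer. Assumes a Keycloak
# reachable at $KEYCLOAK_URL (default http://localhost:8080/auth, as in the
# question) with realm $REALM (default myrealm); needs only curl, sed and base64.
set -eu

KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8080/auth}"
REALM="${REALM:-myrealm}"

# Collection endpoint of the "default" registration provider (POST registers).
reg_base_url() {
  printf '%s/realms/%s/clients-registrations/default\n' "$KEYCLOAK_URL" "$REALM"
}

# Per-client endpoint for GET/PUT/DELETE. The last path segment is the clientId
# chosen at registration ("myclient"), not the internal UUID in the "id" field.
client_reg_url() {
  printf '%s/%s\n' "$(reg_base_url)" "$1"
}

# Pull registrationAccessToken out of a client-representation JSON body
# (pretty-printed or single-line) without depending on jq.
extract_reg_token() {
  sed -n 's/.*"registrationAccessToken"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Decode the payload segment of a JWT (base64url, unpadded) so the claims can be
# inspected before the token is sent anywhere.
jwt_payload() {
  _p=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#_p} % 4 )) in
    2) _p="${_p}==" ;;
    3) _p="${_p}=" ;;
  esac
  printf '%s' "$_p" | base64 -d
}

# A token usable against the registration service carries
# "typ":"RegistrationAccessToken"; an ordinary access token does not and is
# refused with 401 just like a registration token issued for another realm.
is_registration_token() {
  jwt_payload "$1" | grep -q '"typ" *: *"RegistrationAccessToken"'
}

# --- Calls against a live server (only run when RUN_DEMO=1) ------------------

# Register a client; prints the initial registration access token.
register_client() {
  curl -sS --fail --request POST --url "$(reg_base_url)" \
    --header 'content-type: application/json' \
    --data "{\"clientId\": \"$1\"}" | extract_reg_token
}

# Read the client. Keycloak answers with a representation that carries a NEW
# registrationAccessToken and invalidates the one just used, so the caller must
# keep the token from every response before making the next call.
get_client() {
  curl -sS --fail --request GET --url "$(client_reg_url "$1")" \
    --header "authorization: Bearer $2"
}

# Update the client: send the (modified) full representation back with PUT.
update_client() {
  curl -sS --fail --request PUT --url "$(client_reg_url "$1")" \
    --header "authorization: Bearer $2" \
    --header 'content-type: application/json' \
    --data "$3"
}

# Delete the client; the token is consumed and nothing is returned.
delete_client() {
  curl -sS --fail --request DELETE --url "$(client_reg_url "$1")" \
    --header "authorization: Bearer $2"
}

if [ "${RUN_DEMO:-0}" = 1 ]; then
  token=$(register_client myclient)
  is_registration_token "$token" || { echo "not a registration access token" >&2; exit 1; }
  rep=$(get_client myclient "$token")
  token=$(printf '%s' "$rep" | extract_reg_token)           # rotated token
  # Constructed change: add one redirect URI to the empty list from the GET.
  updated=$(printf '%s' "$rep" | sed 's/"redirectUris": *\[\]/"redirectUris": ["https:\/\/app.example\/callback"]/')
  rep=$(update_client myclient "$token" "$updated")
  token=$(printf '%s' "$rep" | extract_reg_token)           # rotated again
  delete_client myclient "$token"
fi
```

Run it as `RUN_DEMO=1 sh manage-client.sh` against a test realm; without RUN_DEMO the script only defines the helpers, which is what makes the URL and token handling checkable offline. If a stored token ever stops working, the usual cause is that a later GET or PUT already rotated it; the admin console can issue a new registration access token for the client.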
