Validate the user session via Keycloak by username

Question

I'm trying to validate the user session via Keycloak.

In the below curl command, I can get the token of the user.

curl --data "grant_type=password&client_id=test-client&username=test&password=test&client_secret={clientSecret}" localhost:8080/realms/Test/protocol/openid-connect/token

Is there a curl command that I can check if the user has already a session in the Keycloak realm? (I don't need to pass the password in that command)

Answer 1

There are no API for find specific session by username

But client's a session user list API exist. You can search a specific username's session from that response list.

GET /{realm}/clients/{id}/user-sessions

https://www.keycloak.org/docs-api/18.0/rest-api/index.html

Demo by curl

curl --location --request GET 'http://localhost:8080/auth/admin/realms/Test/clients/2e8ec9da-0236-47ad-aa8f-906a724d4ccd/user-sessions' --header 'Authorization: Bearer '"$MASTER_TOKEN" | jq

I can get the master token by this commands

MASTER_TOKEN_URL=$(curl --location --request GET 'http://localhost:8080/auth/realms/master/.well-known/openid-configuration' | jq -r '.token_endpoint')
echo $MASTER_TOKEN_URL

MASTER_TOKEN=$(curl --location --request POST "$MASTER_TOKEN_URL" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'grant_type=password' | jq -r '.access_token')
echo $MASTER_TOKEN