【问题标题】:Access the keycloak API from postman从 postman 访问 keycloak API
【发布时间】:2018-08-25 02:18:53
【问题描述】:

我试图从邮递员那里访问 keycloak API。但它显示 400 错误请求。

我以以下格式调用 api。

http://{hostname}:8080/auth/realms/master/protocol/openid-connect/token?username=admin&password=admin&client_id=admin-cli&grant_type=password

在标题中我设置了content_type as application/x-www-form-urlencoded

我收到如下回复。

{
    "error": "invalid_request",
    "error_description": "Missing form parameter: grant_type"
}

任何人都可以帮助我。任何帮助将不胜感激。提前谢谢

【问题讨论】:

  • 您是否使用 curl 为多个应用程序完成了 keycloak 身份验证。我已经使用 curl 进行了身份验证,但是当我使用另一个应用程序访问时,我必须使用第二个应用程序重新登录。如何使用带 curl 的 keycloak 登录进行多重应用程序身份验证

标签: java postman keycloak keycloak-services


【解决方案1】:

您使用的 URL 是为了获取令牌。

令牌请求应该是 POST 调用,您发布的请求是 GET 请求。下面是一个关于如何请求 access_token 的 CURL 示例

curl -X POST \
   http://{hostname}:8080/auth/realms/{realm}/protocol/openid-connect/token \
   -H 'Content-Type: application/x-www-form-urlencoded' \
   -d 'username=admin&password=admin&grant_type=password&client_id=admin-cli'

【讨论】:

    【解决方案2】:

    这个问题有点晚了,但你确实问过邮递员而不是卷曲。 所以你必须把选项放在 x-www-form-urlencoded

    【讨论】:

    • 谢谢。这对我有用。:) 我还在正文中传递了 client_secret
    • 在我的情况下 client_secret 是必需的,没有它会引发错误。
    【解决方案3】:

    你通过 POST 客户端调用 API

    URL - http://localhost:8080/auth/realms/Demo/protocol/openid-connect/token

    所以在上面的网址中,我使用Demo 作为我的领域,而不是master

    ContentType - "Content-Type":"application/x-www-form-urlencoded"

    参数

    {
    "client_secret" : "90ec9638-7647-4e65-ad20-b82df3341084",
    "username" : "ankur",
    "password" : "123456",
    "grant_type" : "password",
    "client_id": "app-client"
    }
    

    如下设置标题

    数据需要如下图传递

    【讨论】:

    • 一旦你有了 access_token 等,你将如何将这些参数添加到每个资源请求中?
    【解决方案4】:

    你也可以使用 CURL 来获取信息

    curl -L -X POST 'http://<serveraddress>/auth/realms/<realmname>/protocol/openid-connect/token' -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=<clientid>' --data-urlencode 'grant_type=password' --data-urlencode 'client_secret=<clientsecret>' --data-urlencode 'scope=openid' --data-urlencode 'username=<username>' --data-urlencode 'password=<password>'
    

    【讨论】:

      【解决方案5】:

      我是否创建了一个 Postman 集合来帮助我们开始使用 keycloak API。任何人都可以保存follow json,并在Postman 上导入:

      {
      "info": {
          "_postman_id": "07a9d691-5b1c-4869-990b-551da29590fe",
          "name": "Keycloak",
          "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
      },
      "item": [
          {
              "name": "GET REALM",
              "request": {
                  "method": "GET",
                  "header": [],
                  "url": {
                      "raw": "{{KEYCLOAK_URL}}admin/realms/{{KEYCLOAK_REALM}}",
                      "host": [
                          "{{KEYCLOAK_URL}}admin"
                      ],
                      "path": [
                          "realms",
                          "{{KEYCLOAK_REALM}}"
                      ]
                  }
              },
              "response": []
          },
          {
              "name": "GET USERS",
              "event": [
                  {
                      "listen": "prerequest",
                      "script": {
                          "id": "dfda403a-35b8-4704-840d-102eddac32e6",
                          "exec": [
                              ""
                          ],
                          "type": "text/javascript"
                      }
                  }
              ],
              "protocolProfileBehavior": {
                  "disableBodyPruning": true
              },
              "request": {
                  "method": "GET",
                  "header": [],
                  "body": {
                      "mode": "urlencoded",
                      "urlencoded": []
                  },
                  "url": {
                      "raw": "{{KEYCLOAK_URL}}admin/realms/{{KEYCLOAK_REALM}}/users",
                      "host": [
                          "{{KEYCLOAK_URL}}admin"
                      ],
                      "path": [
                          "realms",
                          "{{KEYCLOAK_REALM}}",
                          "users"
                      ]
                  }
              },
              "response": []
          }
      ],
      "auth": {
          "type": "bearer",
          "bearer": [
              {
                  "key": "token",
                  "value": "{{KEYCLOAK_TOKEN}}",
                  "type": "string"
              }
          ]
      },
      "event": [
          {
              "listen": "prerequest",
              "script": {
                  "id": "c3ae5df7-b1e0-4af1-988b-c592df3fd98e",
                  "type": "text/javascript",
                  "exec": [
                      "const echoPostRequest = {",
                      "  url: pm.environment.get('KEYCLOAK_URL') + 'realms/master/protocol/openid-connect/token',",
                      "  method: 'POST',",
                      "  header: 'Content-Type:application/x-www-form-urlencoded',",
                      "  body: {",
                      "    mode: 'urlencoded',",
                      "    urlencoded: [",
                      "        {key:'username', value:pm.environment.get('KEYCLOAK_USER')}, ",
                      "        {key:'password', value:pm.environment.get('KEYCLOAK_PASSWORD')}, ",
                      "        {key:'client_id', value:'admin-cli'}, ",
                      "        {key:'grant_type', value:'password'}",
                      "    ]",
                      "  }",
                      "};",
                      "",
                      "var getToken = true;",
                      "",
                      "if (!pm.environment.get('KEYCLOAK_TOKEN_EXPIRY') || ",
                      "    !pm.environment.get('KEYCLOAK_TOKEN')) {",
                      "    console.log('Token or expiry date are missing')",
                      "} else if (pm.environment.get('KEYCLOAK_TOKEN_EXPIRY') <= (new Date()).getTime()) {",
                      "    console.log('Token is expired')",
                      "} else {",
                      "    getToken = false;",
                      "    console.log('Token and expiry date are all good');",
                      "}",
                      "",
                      "if (getToken === true) {",
                      "    pm.sendRequest(echoPostRequest, function (err, res) {",
                      "    console.log(err ? err : res.json());",
                      "        if (err === null) {",
                      "            console.log('Saving the token and expiry date')",
                      "            var responseJson = res.json();",
                      "            pm.environment.set('KEYCLOAK_TOKEN', responseJson.access_token)",
                      "    ",
                      "            var expiryDate = new Date();",
                      "            expiryDate.setSeconds(expiryDate.getSeconds() + responseJson.expires_in);",
                      "            pm.environment.set('KEYCLOAK_TOKEN_EXPIRY', expiryDate.getTime());",
                      "        }",
                      "    });",
                      "}"
                  ]
              }
          },
          {
              "listen": "test",
              "script": {
                  "id": "fdb69bb4-14a5-43b4-97e2-af866643e390",
                  "type": "text/javascript",
                  "exec": [
                      ""
                  ]
              }
          }
      ],
      "variable": [
          {
              "id": "698bbb41-d3f9-47f8-9848-4a1c32f9cca4",
              "key": "token",
              "value": ""
          }
      ],
      "protocolProfileBehavior": {}}
      

      我创建了一个预脚本来获取令牌并根据请求进行设置,如下图所示:

      您应该创建以下环境变量: KEYCLOAK_USER、KEYCLOAK_PASSWORD 和 KEYCLOAK_URL,其中 url 必须是 https://{你的 keycloak 安装}/auth/

      【讨论】:

        猜你喜欢
        • 2018-09-25
        • 2020-05-28
        • 2022-09-28
        • 1970-01-01
        • 1970-01-01
        • 2015-11-11
        • 2021-09-03
        • 2018-06-21
        • 2019-10-12
        相关资源
        最近更新 更多