zhoumingjun edited this page Jul 29, 2019 · 1 revision

OIDC URI ENDPOINTS

oidc openid configuration

/auth/realms/{realm-name}/.well-known/openid-configuration

export host=10.107.1.195
export port=8080
export realm=example

curl -X GET "http://$host:$port/auth/realms/$realm/.well-known/openid-configuration" | jq

oidc endpoints

/realms/{realm-name}/protocol/openid-connect/token This is the URL endpoint for obtaining a temporary code in the Authorization Code Flow or for obtaining tokens via the Implicit Flow, Direct Grants, or Client Grants.

/realms/{realm-name}/protocol/openid-connect/auth This is the URL endpoint for the Authorization Code Flow to turn a temporary code into a token.

/realms/{realm-name}/protocol/openid-connect/logout This is the URL endpoint for performing logouts.

/realms/{realm-name}/protocol/openid-connect/userinfo This is the URL endpoint for the User Info service described in the OIDC specification.

In all of these replace {realm-name} with the name of the realm.

keycloak restful api

export host=10.107.1.195
export port=8080
export realm=example



curl -X POST "http://$host:$port/auth/realms/$realm/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d 'grant_type=password' \
    -d 'client_id=admin-cli' \
    -d "username=user" \
    -d 'password=passw0rd' | jq

curl -X POST "http://$host:$port/auth/realms/$realm/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d 'grant_type=password' \
    -d 'client_id=client-public' \
    -d "username=user" \
    -d 'password=passw0rd' | jq




curl -X POST "http://$host:$port/auth/realms/$realm/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    -d "client_id=testclient" \
    -d "client_secret=20965106-2c9f-4426-b745-ef9f5691eb68"  | jq .access_token -r | jwt


curl -X POST "http://$host:$port/auth/realms/$realm/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    -d "client_id=client2" \
    -d "client_secret=004ce361-c89f-45c5-b936-f284ae0c91f9"  | jq .access_token -r | jwt

# client c1

curl -X POST "http://$host:$port/auth/realms/$realm/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    -d "client_id=$client_c1_id" \
    -d "client_secret=$client_c1_secret" \
    --data-urlencode "scope=openid roles" | jq .access_token -r | jwt

curl -X POST "http://$host:$port/auth/realms/$realm/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d 'grant_type=password' \
    -d 'client_id=client_c1' \
    -d "client_secret=f4bbebbc-ab12-4f29-bb5d-5a63585c1a07"  \
    -d "username=user" \
    -d 'password=passw0rd' | jq

curl -v -H "authorization: bearer $token" http://localhost:8000

# client c2



curl -X POST "http://$host:$port/auth/realms/$realm/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    -d "client_id=client_c2_full" \
    -d "client_secret=ed01cb98-0fd3-4346-9328-78133968a517"  | jq .access_token -r | jwt

curl -X POST "http://$host:$port/auth/realms/$realm/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d 'grant_type=password' \
    -d "client_id=client_c2_full" \
    -d "client_secret=ed01cb98-0fd3-4346-9328-78133968a517" \
    -d "username=user" \
    -d 'password=passw0rd' | jq .access_token -r | jwt

curl -X POST "http://$host:$port/auth/realms/$realm/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d 'grant_type=password' \
    -d "client_id=client_c2_full" \
    -d "client_secret=ed01cb98-0fd3-4346-9328-78133968a517" \
    -d "username=user_norole" \
    -d 'password=passw0rd' | jq .access_token -r | jwt

# other

curl -X POST "http://$host:$port/auth/realms/$realm/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    -d "client_id=client-bearer" \
    -d "client_secret=04e0ea59-1702-469d-a81d-e24f1ee6631f"  | jq
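
Several commands above pipe the access token into `jwt` to inspect its claims. The same inspection can be done locally with standard tools, as in this added example (not part of the original page). It only decodes and does not verify the signature; the function names and the sample token are constructed for illustration.

```shell
# Added example: decode JWT segments locally with standard tools (no signature check).

# base64url -> bytes: map the URL-safe alphabet back and restore stripped '=' padding.
b64url_decode() {
    _s=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#_s} % 4 )) in
        2) _s="${_s}==" ;;
        3) _s="${_s}=" ;;
        1) return 1 ;;          # no valid base64 string has this length
    esac
    printf '%s' "$_s" | base64 -d
}

# bytes -> base64url; only needed to build the constructed sample token.
b64url_encode() {
    printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'
}

# Print the claims (middle segment) of a compact JWT; reject anything that
# does not have exactly three dot-separated segments.
jwt_claims() {
    case $1 in
        *.*.*.*) return 1 ;;
        *.*.*)   ;;
        *)       return 1 ;;
    esac
    _rest=${1#*.}
    b64url_decode "${_rest%%.*}"
}

# Constructed sample: claims shaped like a Keycloak access token for the
# realm used on this page; the signature segment is a dummy value.
SAMPLE_CLAIMS='{"iss":"http://10.107.1.195:8080/auth/realms/example","azp":"client_c1","scope":"openid roles"}'
sample_token() {
    printf '%s.%s.%s' \
        "$(b64url_encode '{"alg":"RS256","typ":"JWT"}')" \
        "$(b64url_encode "$SAMPLE_CLAIMS")" \
        "$(b64url_encode 'constructed-signature')"
}

jwt_claims "$(sample_token)"; echo
```

With a real response, `jwt_claims "$(curl ... | jq -r .access_token)" | jq` prints the claims without handing the token to another tool.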

gluu

curl -X POST "https://iam.sensetime.com/oxauth/restv1/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    -d "client_id=client1" \
    -d "client_secret=KyaWV3selcjo6Xh6sW5FWPFv"  | jq

oidc auth flow

[auth overview](https://developer.okta.com/authentication-guide/auth-overview/#authorization-code-flow)

Authorization Code Flow
Implicit Flow
Resource Owner Password Credentials Grant (Direct Access Grants)
Client Credentials Grant
