为了获得自定义客户端中的角色,我知道我需要执行两个 API。一种是获取访问令牌,一种是获取角色。我的疑问是,我应该通过在标头中发送 admin-CLI 详细信息来获取 accessToken 还是因为我想要我创建的自定义客户端的角色?因为,我在尝试获取角色时收到unknown_error。
获取accessToken:
curl -X POST \
http://localhost:8080/auth/realms/test-keycloak-example/protocol/openid-connect/token \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=test-keycloak-example&client_secret=shhh'
获取角色:
curl -X GET \
http://localhost:8080/auth/admin/realms/test-keycloak-example/clients/cb11fd17-46df-419a-9c67-4a69d1be66ae/roles \
-H 'authorization: Bearer <token received from previous call> \
-H 'cache-control: no-cache' \
-H 'postman-token: 248fef6b-9c24-3aa3-91ae-a6f11e01e55c'
响应是:
{
"error": "unknown_error"
}
Using Postman and three conditions should support it.
#1 "test-user" needs a "view-clients" role. It comes from "realm-management" client.
#2 Using "admin-cli" client and Change Access Type with "confidential" and turn on "Authorization Enabled" is "ON"
#3 using "admin-cli"'s secret for Postman token call.
#4 使用 #3 的秘密和 #1 用户的凭据(用户名和密码)获取令牌
- the token "expires_in" is very short, you need to makes a longer by UI.
it is admin-cli's advanced settings(for just testing purpose)
#5 你需要保存一个用于调用客户端/角色API的令牌
- it is same #4's API on Tests Tab of Postman.
#6 Call list client/role API with #5's token.
#7 find "custom-client" id from #6
#8 call custom role API using #7 id.
it should be match with UI's roles.
祝你好运!
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)