What are Keycloak's OAuth2 / OpenID Connect endpoints?
Question
We are trying to evaluate Keycloak as an SSO solution, and it looks good in many respects, but the documentation is painfully lacking in the basics.
For a given Keycloak installation on http://localhost:8080/ for realm test, what are the OAuth2 Authorization Endpoint, OAuth2 Token Endpoint and OpenID Connect UserInfo Endpoint?
We are not interested in using Keycloak's own client library, we want to use standard OAuth2 / OpenID Connect client libraries, as the client applications using the keycloak server will be written in a wide range of languages (PHP, Ruby, Node, Java, C#, Angular). Therefore the examples that use the Keycloak client aren't of use for us.
Recommended answer
For Keycloak 1.2 the above information can be retrieved via the url
http://keycloakhost:keycloakport/auth/realms/{realm}/.well-known/openid-configuration
For example, if the realm name is demo:
http://keycloakhost:keycloakport/auth/realms/demo/.well-known/openid-configuration
Example output from the above URL:
{
  "issuer": "http://localhost:8080/auth/realms/demo",
  "authorization_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth",
  "token_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/token",
  "userinfo_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/userinfo",
  "end_session_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/logout",
  "jwks_uri": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/certs",
  "grant_types_supported": [
    "authorization_code",
    "refresh_token",
    "password"
  ],
  "response_types_supported": [
    "code"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "response_modes_supported": [
    "query"
  ]
}
Information found at https://issues.jboss.org/browse/KEYCLOAK-571
Note: You might need to add your client to the Valid Redirect URI list
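A standard client library reads its endpoints from the discovery document shown in the answer. The following added example (not part of the original answer and not Keycloak's code) parses that document and checks it before the endpoints are trusted. The function names, the same-origin rule and the allowance for plain HTTP on localhost are assumptions of this example.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields this example insists on before a client is configured (assumption).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Trimmed copy of the sample output shown in the answer (realm "demo").
SAMPLE = json.loads("""{
  "issuer": "http://localhost:8080/auth/realms/demo",
  "authorization_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth",
  "token_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/token",
  "userinfo_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/userinfo",
  "jwks_uri": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/certs"
}""")


def fetch_discovery(issuer, timeout=5):
    """Download the discovery document for an issuer URL (network call)."""
    with urlopen(issuer.rstrip("/") + WELL_KNOWN, timeout=timeout) as resp:
        return json.load(resp)


def check_discovery(doc, expected_issuer, allow_http_hosts=("localhost", "127.0.0.1")):
    """Return (endpoints, problems); an empty problems list means it passed."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # OpenID Connect Discovery: the issuer in the document must be identical
    # to the issuer URL that was used to retrieve it.
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    want = urlsplit(expected_issuer)
    endpoints = {k: v for k, v in doc.items()
                 if isinstance(v, str) and (k.endswith("_endpoint") or k == "jwks_uri")}
    for name, url in endpoints.items():
        got = urlsplit(url)
        # Policy assumption: a single-host Keycloak serves every endpoint.
        if (got.scheme, got.netloc) != (want.scheme, want.netloc):
            problems.append(f"{name} is on a different origin: {url}")
        if got.scheme != "https" and got.hostname not in allow_http_hosts:
            problems.append(f"{name} is not HTTPS: {url}")
    return endpoints, problems


if __name__ == "__main__":
    eps, issues = check_discovery(SAMPLE, "http://localhost:8080/auth/realms/demo")
    print(eps["token_endpoint"], issues)
```

Against a live server, pass the result of `fetch_discovery("http://keycloakhost:keycloakport/auth/realms/{realm}")` to `check_discovery` with the same issuer URL.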