Keycloak访问模拟API [英] Keycloak access impersonate API
问题描述
我们开始使用keycloak 3.4.3,我们需要在应用程序中引入模拟功能。我们发现keycloak具有模拟的api,不幸的是它不会为用户返回令牌,而是为用户可以选择自己的客户端的重定向链接。
We started using keycloak 3.4.3 and we need to introduce an impersonate function in our application. We found that keycloak has an impersonate api which unfortunate it does not return a token for the user but a redirect link for which the user can "select" his own client.
我们在这里找到
https://blog.softwaremill.com/who-am-i-keycloak-impersonation-api-bfe7acaf051a
一种方式(在scala)来检索新令牌(仅适用于keycloak 3.4 +):
a way (in scala) to retrieve a fresh token (only for keycloak 3.4+):
private def exchangeToken(token: String, userId: String): Future[TokenResponse] = {
import io.circe.generic.auto._
sttp
.post(uri"${config.authServerUrl}/realms/${config.realm}/protocol/openid-connect/token")
.body(
"grant_type" -> "urn:ietf:params:oauth:grant-type:token-exchange",
"client_id" -> config.clientId,
"requested_subject" -> userId,
"subject_token" -> token
)
.response(asJson[TokenResponse])
.send()
.flatMap {
_.body match {
case Left(error) => Future.failed(new RuntimeException(error))
case Right(Left(circeError)) => Future.failed(circeError)
case Right(Right(tokenResponse)) => Future.successful(tokenResponse)
}
}
}
我试图基于它创建一个curl命令:
I tried to create a curl command based on it:
curl --verbose -X POST "http://<host>/auth/realms/master/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
-d 'client_id=admin_cli' \
-d "requested_subject=${USER_ID}" \
-d "subject_token=${TKN}"
但我收到了错误 invalid_client_credentials 。客户端 admin_cli的访问类型为 public。我尝试将授权令牌添加为承载者,但仍然遇到相同的错误。
but I got error "invalid_client_credentials". Client "admin_cli" has access_type as "public". I tried adding the authorization token as a bearer but still got the same error.
我错过了一些要配置的东西吗?还是curl命令缺少某些参数?
Have I missed something to configure ? Or is the curl command missing some parameter ?
感谢您的帮助
推荐答案
我解决了这个问题,它是curl命令 admin_cli
中的简单错字,而不是 admin-cli
。
I solved the issue, it was a simple typo in the curl command admin_cli
instead of admin-cli
.
谢谢
这篇关于Keycloak访问模拟API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!