Keycloak访问模拟API [英] Keycloak access impersonate API

问题描述

我们开始使用keycloak 3.4.3，我们需要在应用程序中引入模拟功能。我们发现keycloak具有模拟的api，不幸的是它不会为用户返回令牌，而是为用户可以选择自己的客户端的重定向链接。

We started using keycloak 3.4.3 and we need to introduce an impersonate function in our application. We found that keycloak has an impersonate api which unfortunate it does not return a token for the user but a redirect link for which the user can "select" his own client.

我们在这里找到

https://blog.softwaremill.com/who-am-i-keycloak-impersonation-api-bfe7acaf051a

一种方式（在scala）来检索新令牌（仅适用于keycloak 3.4 +）：

a way (in scala) to retrieve a fresh token (only for keycloak 3.4+):

    private def exchangeToken(token: String, userId: String): Future[TokenResponse] = {
  import io.circe.generic.auto._
  sttp
    .post(uri"${config.authServerUrl}/realms/${config.realm}/protocol/openid-connect/token")
    .body(
      "grant_type" -> "urn:ietf:params:oauth:grant-type:token-exchange",
      "client_id" -> config.clientId,
      "requested_subject" -> userId,
      "subject_token" -> token
    )
    .response(asJson[TokenResponse])
    .send()
    .flatMap {
      _.body match {
        case Left(error) => Future.failed(new RuntimeException(error))
        case Right(Left(circeError)) => Future.failed(circeError)
        case Right(Right(tokenResponse)) => Future.successful(tokenResponse)
      }
    }
}

我试图基于它创建一个curl命令：

I tried to create a curl command based on it:

curl --verbose -X POST "http://<host>/auth/realms/master/protocol/openid-connect/token" \
 -H "Content-Type: application/x-www-form-urlencoded" \
 --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
 -d 'client_id=admin_cli' \
 -d "requested_subject=${USER_ID}" \
 -d "subject_token=${TKN}" 

但我收到了错误 invalid_client_credentials 。客户端 admin_cli的访问类型为 public。我尝试将授权令牌添加为承载者，但仍然遇到相同的错误。

but I got error "invalid_client_credentials". Client "admin_cli" has access_type as "public". I tried adding the authorization token as a bearer but still got the same error.

我错过了一些要配置的东西吗？还是curl命令缺少某些参数？

Have I missed something to configure ? Or is the curl command missing some parameter ?

感谢您的帮助

推荐答案

我解决了这个问题，它是curl命令 admin_cli 中的简单错字，而不是 admin-cli 。

I solved the issue, it was a simple typo in the curl command admin_cli instead of admin-cli.

谢谢

这篇关于Keycloak访问模拟API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！