如何通过Keycloak Rest API生成JWT令牌? [英] How to generate jwt token through keycloak rest api?

问题描述

我正在将Keycloak集成到现有应用程序中.作为此过程的一部分，我需要测试Web应用程序是否可以接受从keycloak生成的jwt令牌.

I'm working on integrating Keycloak into an existing application. As part of this process I need to test that the web application can accept jwt tokens generated from keycloak.

我已阅读API文档 http://www. keycloak.org/docs-api/3.4/rest-api/index.html ，找不到用于创建jwt令牌的任何方法.

I have read the API docs http://www.keycloak.org/docs-api/3.4/rest-api/index.html and could not find any methods for creating a jwt token.

有人知道在Keycloak中创建jwt令牌的任何REST api方法吗?

Does anyone know of any REST api methods for creating a jwt token in Keycloak?

推荐答案

根据keycloak邮件列表成员[ВиталийИщенко和Hynek Mlnarik]提供的keycloak邮件列表详细信息

As per the keycloak mailing list details provided by keycloak mailing list members [Виталий Ищенко and Hynek Mlnarik]

很大程度上取决于您要发布的JWT.对于生成样本 访问令牌，请参见[1]，有关操作令牌，请参见[2]，自定义，请参见[3].

Depends a lot on what JWT you want to issue. For samples of generating access token, see [1], for action token, see [2], custom, see [3].

[1] https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java#L698

[2] https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/actiontoken/DefaultActionToken.java#L140

[3] Keycloak遵循OIDC规范，您可以使用OAuth2中定义的任何流 [1]以及OIDC中添加的一些其他流程

Keycloak follows OIDC spec, and you can use any of flows, defined in OAuth2 [1] as well as some additional flows added in OIDC

OIDC规定了JWT的用法，因此访问令牌(以及refresh_token， id_token和其他均为JWT)将以JWT格式返回

OIDC dictates usage of JWT, so access tokens (as well as refresh_token, id_token and others are JWT) will be returned in JWT format

要找出令牌和身份验证的地址，keycloak提供了OIDC 发现网址，即http://keycloakhost:keycloakport/auth/realms/{realm}/.well-known/openid-configuration

To find out addresses of token and authentication, keycloak provides OIDC discovery url, i.e. http://keycloakhost:keycloakport/auth/realms/{realm}/.well-known/openid-configuration

有一堆库可以简化令牌请求 针对OIDC规范编写的过程.但是Keycloak有一套适配器 可以很好地适合您现有的技术堆栈[2].一世 认为允许他们允许访问原始JWT令牌

There are bunch of libs that will allow to simplify token request procedures written for OIDC spec. But Keycloak has a set of adapters written, that can fit nicely into your existing technology stack [2]. I think allow of them allow to access raw JWT tokens

[1] https://aaronparecki.com/oauth-2-simplified/

[2] http://www. keycloak.org/docs/latest/securing_apps/index.html#openid-connect-3

这篇关于如何通过Keycloak Rest API生成JWT令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！