Keycloak的OAuth2/OpenID Connect端点是什么? [英] What are Keycloak's OAuth2 / OpenID Connect endpoints?

问题描述

我们正在尝试将Keycloak作为一种SSO解决方案进行评估，它在很多方面看起来都不错，但是非常缺乏基础知识的文档.

We are trying to evaluate Keycloak as an SSO solution, and it looks good in many respects, but the documentation is painfully lacking in the basics.

对于在域test的http://localhost:8080/上给定的Keycloak安装，什么是 OAuth2授权端点， OAuth2令牌端点和

For a given Keycloak installation on http://localhost:8080/ for realm test, what are the OAuth2 Authorization Endpoint, OAuth2 Token Endpoint and OpenID Connect UserInfo Endpoint ?

我们对使用Keycloak自己的客户端库不感兴趣，我们想使用标准的OAuth2/OpenID Connect客户端库，因为使用keycloak服务器的客户端应用程序将以多种语言编写(PHP，Ruby，Node， Java，C#，Angular).因此，使用Keycloak客户端的示例对我们没有用.

We are not interested in using Keycloak's own client library, we want to use standard OAuth2 / OpenID Connect client libraries, as the client applications using the keycloak server will be written in a wide range of languages (PHP, Ruby, Node, Java, C#, Angular). Therefore the examples that use the Keycloak client aren't of use for us.

推荐答案

对于Keycloak 1.2，可以通过url检索以上信息

For Keycloak 1.2 the above information can be retrieved via the url

http://keycloakhost:keycloakport/auth/realms/ {realm}/.well-已知/openid配置

http://keycloakhost:keycloakport/auth/realms/{realm}/.well-known/openid-configuration

例如，如果领域名称是 demo :

For example, if the realm name is demo:

http://keycloakhost:keycloakport/auth/realms/demo /.well-known/openid-configuration

网址上方的示例输出:

{
    "issuer": "http://localhost:8080/auth/realms/demo",
    "authorization_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth",
    "token_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/token",
    "userinfo_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/userinfo",
    "end_session_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/logout",
    "jwks_uri": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/certs",
    "grant_types_supported": [
        "authorization_code",
        "refresh_token",
        "password"
    ],
    "response_types_supported": [
        "code"
    ],
    "subject_types_supported": [
        "public"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "response_modes_supported": [
        "query"
    ]
}

在 https://issues.jboss.org/browse/KEYCLOAK-571 中找到的信息

注意:您可能需要将客户端添加到有效重定向URI 列表

Note: You might need to add your client to the Valid Redirect URI list

这篇关于Keycloak的OAuth2/OpenID Connect端点是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！