从Keyrock Fiware API获取Auth-Token [英] Obtain Auth-Token from Keyrock Fiware API
问题描述
我正在docker的笔记本电脑上本地运行Keyrock Fiware.我知道这是可行的,因为我可以通过浏览器访问http://localhost:8000和http://localhost:8000/sign_up,并且它们可以正确响应.
I am running Keyrock Fiware locally on my laptop in docker. I know this is working because I can visit http://localhost:8000 and http://localhost:8000/sign_up through my browser and they respond correctly.
在创建API调用时遇到了麻烦.我正在尝试使用Postman,但是在获取auth令牌时遇到了麻烦,这是进行一些api调用所必需的.
I am having trouble when it comes to creating API calls. I am trying to use Postman, but I am having trouble with obtaining an auth-token, which is required to make some api calls.
遵循此指南我正在尝试创建对http:/localhost:8000/oauth2/tokens
Following this guide I am trying to create a POST request to http:/localhost:8000/oauth2/tokens
这本身似乎不起作用,我需要添加其他信息,例如
This by itself doesn't seem to work and I need to add other information like
grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD
&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET`
我不知道该信息在邮递员请求中的去向.
我有字段Authorization,Headers,Body,在Headers中我有字段key,value和description,但是,我不知道其中哪一个是正确的.
I don't know where this information is supposed to go in my Postman request.
I have the field Authorization, Headers, Body, and in Headers I have the field key, value and description but, I don't understand which of these is the right one.
推荐答案
简短答案:
IdM Keyrock API要求对其大多数端点进行身份验证,因此您实际上应该生成一个令牌.如何生成令牌比较复杂,需要一些背景知识进行解释. 如果您使用的是官方的IdM Keyrock GE,我完全建议您观看此教程关于Fiware Academy中的此组件. 它解释了如何使用OAuth2客户端和IdM密钥库生成OAuth2令牌.
The IdM Keyrock API requires authentication for most of its endpoints, so you should actually generate a token. How to generate a token is something more complicated that needs some background to be explained. If you are using the official IdM keyrock GE I totally recommend you to watch this tutorial about this component in Fiware Academy. It explains among other things how to generate an OAuth2 token using an OAuth2 client and the IdM keyrock.
详细答案:
GE IdM Keyrock包含两个项目:Horizon和Keystone.两者都是您在Github中可以找到的Openstack项目的分支.使用服务到端口8000时,您正在调用Horizon服务,这是前端组件.另一方面,当您使用端口5000的服务时,您正在调用Keystone服务,这是后端组件.顺便说一句,如果您正在寻找有关此API的更多信息,可以在这里找到它:
The GE IdM Keyrock consists of two projects: Horizon and Keystone. Both are forks of Openstack projects that you can find in Github. When you consume services to port 8000 you are calling Horizon services which is the frontend component. On the other hand when you consume services to port 5000 you are calling Keystone services which is the backend component. By the way if you are looking for more info about this APIs you could find it here:
- IdM Keyrock APIs
- Openstack Keystone API v3
棘手的部分是,虽然Keystone处理其自己的内部令牌(Keystone令牌),但FIWARE使用OAuth2令牌与其他GE集成.因此,您会在keyrock API中找到OAuth2扩展.因此,取决于您要使用的API,将需要哪种令牌:Keystone令牌或OAuth2令牌.
The tricky part is that while keystone handles its own internal tokens (keystone tokens), FIWARE uses OAuth2 tokens to integrate with other GEs. For this reason you will find OAuth2 extensions within the keyrock APIs. So, depending on which API you want to consume, what kind of token you will need: Keystone token or OAuth2 token.
例如,如果您想使用以下服务来检索现有用户,则将需要一个Keytone令牌.
For example, if you want to retrieve the existing users using the following service, you will need a Keytone token.
最后,要生成梯形校正令牌,您可以使用梯形校正API的以下服务:
Finally, to generate a keystone token you could use the following service of the keystone API:
POST http://[keyrock_host]:5000/v3/auth/tokens
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": [ADMIN_USER],
"domain": { "name": "default" },
"password": [ADMIN_PWD]
}
}
}
}
}
如果您是从Docker Hub镜像甚至从官方源代码存储库安装Keyrock的,请尝试对ADMIN_USER和ADMIN_PWD使用"idm".
If you installed Keyrock from Docker Hub image or even from the official source code repository try with "idm" for ADMIN_USER and ADMIN_PWD.
希望我能对您有所帮助.祝您好运!
I hope I have been helpful. Good luck with the tesis!
这篇关于从Keyrock Fiware API获取Auth-Token的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
