How to get roles from custom client in keycloak?


Question

To get roles in a custom client I know I need to do two APIs. One is to get an access token and one is to get the roles. My doubt is, should I get accessToken by sending admin-CLI details in headers or because I want roles of the custom client I have created? Because, I'm getting unknown_error when trying to fetch roles.

To get accessToken:

curl -X POST \
  http://localhost:8080/auth/realms/test-keycloak-example/protocol/openid-connect/token \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials&client_id=test-keycloak-example&client_secret=shhh'

To get roles:

curl -X GET \
  http://localhost:8080/auth/admin/realms/test-keycloak-example/clients/cb11fd17-46df-419a-9c67-4a69d1be66ae/roles \
  -H 'authorization: Bearer <token received from previous call>' \
  -H 'cache-control: no-cache' \
  -H 'postman-token: 248fef6b-9c24-3aa3-91ae-a6f11e01e55c'

The response is:

{
   "error": "unknown_error"
}

Recommended answer

Using Postman, and three conditions should support it. #1 "test-user" needs the "view-clients" role. It comes from the "realm-management" client.

#2 Use the "admin-cli" client, change Access Type to "confidential" and turn "Authorization Enabled" to "ON"

#3 Use "admin-cli"'s secret for the Postman token call.

#4 Get a token with #3's secret and #1 user's credentials (username and password)

  • The token's "expires_in" is very short; you need to make it longer in the UI. It is in admin-cli's advanced settings (for testing purposes only)

#5 You need to save the token for calling the client/role API

  • It is the same #4 API, on the Tests tab of Postman.

#6 Call the list client/role API with #5's token.

#7 Find the "custom-client" id from #6

#8 Call the custom role API using #7's id. It should match the UI's roles.

Good luck!
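
Steps #4 to #8 of the answer above, written out as an added example that is not part of the original answer: the roles endpoint takes the client's internal `id`, not its `clientId`, so the id is looked up first. Assumptions: the base URL and realm are the ones from the question, "custom-client" is the clientId, and the `send` parameter, `fake_send` and the sample responses are constructed here so the flow can run without a server.

```python
import json
import urllib.parse
import urllib.request

BASE = "http://localhost:8080/auth"   # base URL taken from the question
REALM = "test-keycloak-example"       # realm taken from the question

def http(method, url, form=None, token=None):
    """Default transport: send one request and decode the JSON response."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, method=method)
    if token:
        req.add_header("Authorization", "Bearer " + token)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def get_token(secret, username, password, send=http):
    """Step #4: password grant for the user, authenticated as admin-cli."""
    form = {"grant_type": "password", "client_id": "admin-cli",
            "client_secret": secret, "username": username, "password": password}
    url = f"{BASE}/realms/{REALM}/protocol/openid-connect/token"
    return send("POST", url, form=form)["access_token"]

def client_uuid(clients, client_id):
    """Step #7: map the readable clientId to Keycloak's internal id."""
    matches = [c["id"] for c in clients if c.get("clientId") == client_id]
    if len(matches) != 1:
        raise LookupError(f"expected one client {client_id!r}, got {len(matches)}")
    return matches[0]

def client_roles(token, client_id, send=http):
    """Steps #6 to #8: list clients, resolve the id, list that client's roles."""
    admin = f"{BASE}/admin/realms/{REALM}"
    clients = send("GET", f"{admin}/clients", token=token)
    uuid = client_uuid(clients, client_id)
    roles = send("GET", f"{admin}/clients/{uuid}/roles", token=token)
    return [r["name"] for r in roles]

# Constructed sample responses (not real Keycloak output) for an offline run.
SAMPLE = {"token": {"access_token": "constructed-token"},
          "clients": [{"id": "00000000-0000-0000-0000-000000000001",
                       "clientId": "custom-client"}],
          "roles": [{"name": "constructed-role"}]}

def fake_send(method, url, form=None, token=None):
    return SAMPLE[url.rsplit("/", 1)[1]]

if __name__ == "__main__":
    tok = get_token("secret", "test-user", "password", send=fake_send)
    print(client_roles(tok, "custom-client", send=fake_send))
```

Leaving `send` at its default makes the same calls against the running server.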
