
Code block (bash): Authorization Code
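#!/bin/sh
# Drives the Keycloak authorization-code login for a test user from the
# command line: fetch the login form, post the credentials, then read the
# authorization code out of the redirect that follows.
#
# Demo values only: the password is hard-coded below and travels over plain
# HTTP to a local minikube service. It is also passed on the curl command
# line, where other local users can see it in the process list.

HOST=$(minikube ip)
KEYCLOAK_PORT=$(kubectl -n default get service keycloak -o jsonpath='{.spec.ports[?(@.name=="http")].nodePort}')
REALM="jwtrealm"
CLIENT="jwtsecret"
AUTH_USERNAME="jwtuser"
AUTH_PASSWORD="secret"
# Random per-run value; the redirect has to echo it back (checked below).
STATE=$(uuidgen)

# The response headers carry session cookies and the authorization code, so
# keep them in a private temp file and remove it on every exit path instead
# of leaving headers.out in the working directory.
HEADERS=$(mktemp) || exit 1
trap 'rm -f "$HEADERS"' EXIT

URL="http://$HOST:$KEYCLOAK_PORT/auth/realms/$REALM/protocol/openid-connect/auth?client_id=$CLIENT&response_type=code&state=$STATE"
# --insecure does nothing for an http:// URL. If this is ever pointed at
# https://, drop the flag so certificate verification stays on.
STDOUT=$(curl -s -X GET "$URL" --insecure -D "$HEADERS")
# Header names are case-insensitive, so match Set-Cookie in any casing.
COOKIES=$(grep -i '^set-cookie:' "$HEADERS" | cut -f2 -d' ' | tr -d '\n')
# $STDOUT is left unquoted on purpose: word splitting folds the HTML onto a
# single line, which the first sed expression relies on.
LOGIN_URL=$(echo $STDOUT | sed s'/.* action=//g' | cut -f1 -d' ' | sed s'/\"//g' | sed s'/amp;//g')

# --data-urlencode keeps the credentials intact when they contain characters
# such as '&', '=', '+' or spaces.
CURL_OUTPUT=$(curl -s --cookie "$COOKIES" -X POST "${LOGIN_URL}" \
    --data-urlencode "username=${AUTH_USERNAME}" \
    --data-urlencode "password=${AUTH_PASSWORD}" \
    --insecure -D "$HEADERS")

# Strip the trailing CR of the header line so it does not end up in CODE.
LOCATION=$(grep -i '^location:' "$HEADERS" | tr -d '\r')

# The state value exists to tie the redirect to the request made above;
# accept the code only when the redirect carries the same value.
case "$LOCATION" in
    *"state=$STATE"*) ;;
    *)
        echo "no redirect carrying the expected state (login failed or state mismatch)" >&2
        exit 1
        ;;
esac

# Keep only the code parameter, without any query parameters that follow it.
CODE=$(printf '%s\n' "$LOCATION" | sed 's/.*code=//; s/&.*//')

# Both values are credentials; they are printed because this is a demo.
echo "CODE=$CODE"
echo "ACCESS_CODE=$CURL_OUTPUT"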

To set this up so that the JWT access token is retrieved once the user has logged in, we must configure the Keycloak client with a "Valid Redirect URI"; in this case it will be "http://192.168.49.2:31233/callback".

The following Go server is running at this endpoint:

Code block: Authorization server callback
package main

import (
        "net/http"
        "encoding/json"
        "fmt"
        "io/ioutil"
        "time"
        "net/url"
)

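// Jwttoken mirrors the JSON body returned by the Keycloak token endpoint.
//
// Access_token and Refresh_token are bearer credentials: anything that logs
// or serialises a Jwttoken value exposes them.
//
// The JSON keys are spelled out in tags. Without them encoding/json matches
// keys to field names case-insensitively, which works for "access_token" but
// never fills Not_before_policy, because Keycloak sends that key with
// hyphens ("not-before-policy").
type Jwttoken struct {
	Access_token       string `json:"access_token"`
	Expires_in         int    `json:"expires_in"` // lifetime of Access_token, in seconds
	Refresh_expires_in int    `json:"refresh_expires_in"`
	Refresh_token      string `json:"refresh_token"`
	Token_type         string `json:"token_type"`
	Not_before_policy  int    `json:"not-before-policy"`
	Session_state      string `json:"session_state"`
	Scope              string `json:"scope"`
}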

// Process-wide token state, written by getToken. Both variables are shared
// by every request the server handles and are not guarded by a lock.
var (
	// jwt is the token response most recently decoded by getToken.
	jwt Jwttoken
	// ttime is the expiry getToken derives from jwt.Expires_in.
	ttime time.Time
)

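// getToken exchanges an authorization code for tokens at the Keycloak token
// endpoint and returns the access token issued for that code. It returns ""
// when the exchange fails for any reason (transport error, non-200 status,
// unreadable or token-less response).
//
// The return value is always taken from the response to this call. The
// package-level jwt is only overwritten after the response has been checked,
// so a failed exchange can no longer hand back the access token cached from
// an earlier, unrelated login. The token response is not printed, because it
// contains the access and refresh tokens.
//
// NOTE(review): jwt and ttime are still written without a lock while
// net/http runs handlers concurrently; guard them with a mutex if anything
// starts reading them.
func getToken(auth_code string) string {
	// NOTE(review): this client secret is hard-coded and published with the
	// page. Load it from the environment or a mounted secret and rotate it.
	clientSecret := "Ctz6aBahmjQvAt7Lwgg8qDNsniuPkNCC"
	clientId := "jwtsecret"
	realmName := "jwtrealm"
	keycloakHost := "keycloak"
	keycloakPort := "8080"
	keycloakUrl := "http://" + keycloakHost + ":" + keycloakPort + "/auth/realms/" + realmName + "/protocol/openid-connect/token"
	fmt.Println(keycloakUrl)

	// http.PostForm uses the default client, which never times out; a stalled
	// Keycloak would otherwise pin the handler goroutine indefinitely.
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.PostForm(keycloakUrl,
		url.Values{"code": {auth_code}, "grant_type": {"authorization_code"}, "client_id": {clientId}, "client_secret": {clientSecret}})
	if err != nil {
		fmt.Println("token request failed:", err)
		return ""
	}
	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println("reading token response failed:", err)
		return ""
	}
	if resp.StatusCode != http.StatusOK {
		// Log the status only; the body is not needed to see that it failed.
		fmt.Println("token endpoint returned", resp.Status)
		return ""
	}

	// Validate the response in a local value first, so an error document or
	// malformed JSON never touches the shared state.
	var issued struct {
		AccessToken string `json:"access_token"`
	}
	if err := json.Unmarshal(body, &issued); err != nil || issued.AccessToken == "" {
		fmt.Println("token endpoint response did not contain an access token")
		return ""
	}

	if err := json.Unmarshal(body, &jwt); err != nil {
		fmt.Println("decoding token response failed:", err)
		return ""
	}
	ttime = time.Now().Add(time.Second * time.Duration(jwt.Expires_in))
	return issued.AccessToken
}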


// noprefix is the handler main registers on "/". It ignores the request and
// answers with a fixed plain-text body; the status is the implicit 200 that
// the first Write sends.
func noprefix(res http.ResponseWriter, req *http.Request) {
	const body = "Authorization code default"
	res.Write([]byte(body))
}

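// callback handles the OAuth redirect: it reads the "code" query parameter,
// exchanges it through getToken and writes the resulting access token as the
// response body.
//
// A request without a code is rejected with 400, and an empty token (no
// token was obtained) is reported as 502 instead of a 200 with an empty body.
//
// NOTE(review): the "state" parameter is not checked, so nothing here ties
// the code to a login this service started. The access token is also handed
// back to whoever requested the URL, over plain HTTP; acceptable for a demo
// only.
func callback(res http.ResponseWriter, req *http.Request) {
	code := req.URL.Query().Get("code")
	if code == "" {
		http.Error(res, "missing code parameter", http.StatusBadRequest)
		return
	}

	token := getToken(code)
	if token == "" {
		http.Error(res, "token exchange failed", http.StatusBadGateway)
		return
	}

	// Fix the content type rather than letting it be sniffed, and keep the
	// token out of browser and proxy caches.
	res.Header().Set("Content-Type", "text/plain; charset=utf-8")
	res.Header().Set("Cache-Control", "no-store")
	res.WriteHeader(http.StatusOK)
	res.Write([]byte(token))
}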

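// main registers the two handlers on the default mux and serves them on
// port 9000.
//
// The server is built explicitly so that it has timeouts: the package-level
// http.ListenAndServe has none, which lets slow or idle clients hold
// connections open indefinitely. The listener is plain HTTP, so tokens
// written by callback cross the network unencrypted; put TLS in front of it
// outside a local demo.
func main() {
	http.Handle("/callback", http.HandlerFunc(callback))
	http.Handle("/", http.HandlerFunc(noprefix))

	srv := &http.Server{
		Addr:              ":9000",
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      30 * time.Second, // has to cover the token exchange done inside callback
		IdleTimeout:       60 * time.Second,
	}

	// ListenAndServe only returns on failure (for example, the port is
	// already in use). Exit loudly with a non-zero status instead of
	// returning silently as if the server had run.
	if err := srv.ListenAndServe(); err != nil {
		panic(err)
	}
}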
  




Keycloak Rest API

Documentation for the keycloak Rest API is available here: Keycloak Admin REST API

...