...
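#!/bin/sh
# Drive the Keycloak browser login non-interactively and print the
# authorization code that Keycloak sends back on the redirect; the
# callback server exchanges that code for the access token.
set -eu

HOST=$(minikube ip)
KEYCLOAK_PORT=$(kubectl -n default get service keycloak -o jsonpath='{.spec.ports[?(@.name=="http")].nodePort}')
REALM="jwtrealm"
CLIENT="jwtsecret"
AUTH_USERNAME="jwtuser"
# Demo credential for a throwaway realm; anywhere else take it from the
# environment instead of keeping it in the script.
AUTH_PASSWORD="secret"
# Fresh per-run state value; the callback side should compare it with the
# value Keycloak echoes back before trusting the code.
STATE=$(uuidgen)

# Private scratch file for response headers rather than a predictable
# name in the working directory; removed whenever the script exits.
HEADERS=$(mktemp)
trap 'rm -f "$HEADERS"' EXIT

URL="http://$HOST:$KEYCLOAK_PORT/auth/realms/$REALM/protocol/openid-connect/auth?client_id=$CLIENT&response_type=code&state=$STATE"
# Fetch the login page; its cookies and form action drive the next request.
# (--insecure dropped: it has no effect on an http:// URL, and for TLS the
# right fix is --cacert with the realm's CA, not disabling verification.)
STDOUT=$(curl -s "$URL" -D "$HEADERS")
COOKIES=$(grep -i set-cookie "$HEADERS" | cut -f2 -d' ' | tr -d '\n')
# $STDOUT is deliberately unquoted: it collapses the HTML onto one line so
# the greedy sed sees a single action= attribute, as the original did.
# shellcheck disable=SC2086
LOGIN_URL=$(echo $STDOUT | sed 's/.* action=//' | cut -f1 -d' ' | sed 's/"//g' | sed 's/amp;//g')
# Submit the credentials; Keycloak answers with a redirect carrying the code.
# --data-urlencode keeps characters such as & or + in the password intact.
CURL_OUTPUT=$(curl -s --cookie "$COOKIES" -X POST "$LOGIN_URL" \
  --data-urlencode "username=${AUTH_USERNAME}" \
  --data-urlencode "password=${AUTH_PASSWORD}" \
  -D "$HEADERS")
CODE=$(grep -i location "$HEADERS" | sed 's/.*code=//')
echo "CODE=$CODE"
echo "ACCESS_CODE=$CURL_OUTPUT"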
To make this flow retrieve the JWT access token once the user is logged in, the Keycloak client must be configured with a "Valid Redirect URI"; in this case it is "http://192.168.49.2:31233/callback".
The following Go server is running at that endpoint:
package main
import (
	"encoding/json"
	"fmt"
	"io"
	"io/ioutil"
	"log"
	"net/http"
	"net/url"
	"os"
	"sync"
	"time"
)
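// Jwttoken mirrors the JSON body returned by Keycloak's token endpoint.
// The json tags are needed because the keys are snake_case and, for
// not-before-policy, hyphenated; Go's case-insensitive field matching
// cannot bridge the hyphen, so without a tag that field always stays 0.
type Jwttoken struct {
	Access_token       string `json:"access_token"`
	Expires_in         int    `json:"expires_in"`
	Refresh_expires_in int    `json:"refresh_expires_in"`
	Refresh_token      string `json:"refresh_token"`
	Token_type         string `json:"token_type"`
	Not_before_policy  int    `json:"not-before-policy"`
	Session_state      string `json:"session_state"`
	Scope              string `json:"scope"`
}

// Defaults for the demo deployment. The endpoint and the secret can be
// overridden through the environment (see tokenEndpoint and clientSecret)
// so the secret does not have to live in source.
const (
	defaultClientID     = "jwtsecret"
	defaultRealm        = "jwtrealm"
	defaultKeycloakHost = "keycloak"
	defaultKeycloakPort = "8080"
	// Demo-only secret kept for compatibility with the original listing;
	// set KEYCLOAK_CLIENT_SECRET in any real deployment.
	defaultClientSecret = "Ctz6aBahmjQvAt7Lwgg8qDNsniuPkNCC"

	// tokenRequestTimeout bounds the whole exchange; http.PostForm on the
	// default client would otherwise wait forever.
	tokenRequestTimeout = 10 * time.Second
	// maxTokenResponse caps the bytes read from the token endpoint.
	maxTokenResponse = 1 << 20
)

var (
	// tokenMu guards jwt and ttime; HTTP handlers run concurrently.
	tokenMu sync.Mutex
	// ttime is the instant the most recently fetched access token expires.
	ttime time.Time
	// jwt is the most recently fetched token response.
	jwt Jwttoken
)

// getToken exchanges an authorization code for an access token at the
// Keycloak token endpoint and returns the access token. It returns "" when
// the exchange fails; the reason is logged, the response body is not
// (it would contain the tokens). On success jwt and ttime are updated
// under tokenMu, so a failed exchange never leaves a stale token behind.
func getToken(auth_code string) string {
	tok, err := exchangeCode(auth_code)
	if err != nil {
		log.Printf("token exchange: %v", err)
		return ""
	}
	tokenMu.Lock()
	jwt = tok
	ttime = time.Now().Add(time.Second * time.Duration(tok.Expires_in))
	tokenMu.Unlock()
	return tok.Access_token
}

// tokenEndpoint returns the token URL, honouring KEYCLOAK_TOKEN_URL when set
// and otherwise building it from the demo defaults.
func tokenEndpoint() string {
	if u := os.Getenv("KEYCLOAK_TOKEN_URL"); u != "" {
		return u
	}
	return "http://" + defaultKeycloakHost + ":" + defaultKeycloakPort +
		"/auth/realms/" + defaultRealm + "/protocol/openid-connect/token"
}

// clientSecret returns KEYCLOAK_CLIENT_SECRET, falling back to the demo value.
func clientSecret() string {
	if s := os.Getenv("KEYCLOAK_CLIENT_SECRET"); s != "" {
		return s
	}
	return defaultClientSecret
}

// exchangeCode performs the authorization_code grant and decodes the reply.
// Any non-200 status is an error; the body of an error reply is neither
// decoded nor logged.
func exchangeCode(authCode string) (Jwttoken, error) {
	var tok Jwttoken
	if authCode == "" {
		return tok, fmt.Errorf("empty authorization code")
	}
	client := &http.Client{Timeout: tokenRequestTimeout}
	form := url.Values{
		"code":          {authCode},
		"grant_type":    {"authorization_code"},
		"client_id":     {defaultClientID},
		"client_secret": {clientSecret()},
	}
	resp, err := client.PostForm(tokenEndpoint(), form)
	if err != nil {
		return tok, fmt.Errorf("posting to token endpoint: %w", err)
	}
	defer resp.Body.Close()
	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, maxTokenResponse))
	if err != nil {
		return tok, fmt.Errorf("reading token response: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return tok, fmt.Errorf("token endpoint returned status %d", resp.StatusCode)
	}
	if err := json.Unmarshal(body, &tok); err != nil {
		return tok, fmt.Errorf("decoding token response: %w", err)
	}
	if tok.Access_token == "" {
		return tok, fmt.Errorf("token response carried no access_token")
	}
	return tok, nil
}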
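// noprefix is the catch-all handler for every path other than /callback.
// It answers with a fixed plain-text body; the login redirect never targets it.
func noprefix(res http.ResponseWriter, req *http.Request) {
	// State the type explicitly instead of leaving it to content sniffing.
	res.Header().Set("Content-Type", "text/plain; charset=utf-8")
	// A failed Write means the client went away; nothing to do about it here.
	_, _ = res.Write([]byte("Authorization code default"))
}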
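// callback handles the redirect from Keycloak after login: it takes the
// authorization code from the query string, exchanges it through getToken
// and returns the access token as the plain-text body.
//
// The state parameter sent at the start of the flow is not verified here
// because this server keeps no per-login session; a callback used outside
// this demo must compare it with the value it issued before using the code.
func callback(res http.ResponseWriter, req *http.Request) {
	code := req.URL.Query().Get("code")
	if code == "" {
		// An OAuth error redirect carries error/error_description instead
		// of code; do not attempt an exchange with an empty code.
		http.Error(res, "missing code parameter", http.StatusBadRequest)
		return
	}
	token := getToken(code)
	if token == "" {
		// Nothing usable came back from the exchange; do not answer 200
		// with an empty body as if a token had been issued.
		http.Error(res, "token exchange failed", http.StatusBadGateway)
		return
	}
	h := res.Header()
	h.Set("Content-Type", "text/plain; charset=utf-8")
	// The body is a bearer token: keep it out of browser and proxy caches.
	h.Set("Cache-Control", "no-store")
	h.Set("Pragma", "no-cache")
	res.WriteHeader(http.StatusOK)
	// A failed Write means the client went away; nothing to do about it here.
	_, _ = res.Write([]byte(token))
}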
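// main registers the two handlers on the default mux and serves them on
// port 9000 with request timeouts, exiting if the listener cannot start.
func main() {
	http.Handle("/callback", http.HandlerFunc(callback))
	http.Handle("/", http.HandlerFunc(noprefix))
	srv := &http.Server{
		Addr: ":9000",
		// nil Handler means DefaultServeMux, where the routes above live.
		Handler:           nil,
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      30 * time.Second,
	}
	log.Printf("listening on %s", srv.Addr)
	// Previously the error was discarded and the process exited 0 even when
	// the port was already taken.
	if err := srv.ListenAndServe(); err != nil {
		log.Fatal(err)
	}
}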
Keycloak Rest API
Documentation for the Keycloak REST API is available here: Keycloak Admin REST API
...