Validate the user session via Keycloak by username - jwt

I'm trying to validate the user session via Keycloak.
In the below curl command, I can get the token of the user.
curl --data "grant_type=password&client_id=test-client&username=test&password=test&client_secret={clientSecret}" localhost:8080/realms/Test/protocol/openid-connect/token
Is there a curl command with which I can check whether the user already has a session in the Keycloak realm? (I don't need to pass the password in that command)

There is no API to find a specific session by username.
But an API that lists a client's user sessions exists.
You can search for a specific username's session in that response list.
GET /{realm}/clients/{id}/user-sessions
https://www.keycloak.org/docs-api/18.0/rest-api/index.html
Demo by curl
curl --location --request GET 'http://localhost:8080/auth/admin/realms/Test/clients/2e8ec9da-0236-47ad-aa8f-906a724d4ccd/user-sessions' --header 'Authorization: Bearer '"$MASTER_TOKEN" | jq
I can get the master token with these commands:
MASTER_TOKEN_URL=$(curl --location --request GET 'http://localhost:8080/auth/realms/master/.well-known/openid-configuration' | jq -r '.token_endpoint')
echo $MASTER_TOKEN_URL
MASTER_TOKEN=$(curl --location --request POST "$MASTER_TOKEN_URL" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'grant_type=password' | jq -r '.access_token')
echo $MASTER_TOKEN
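
The lookup described in this answer, as an added example in Python (not code from the answer). It goes one step further than the single curl call: the user-sessions endpoint is paged through its `first` and `max` query parameters, so the search walks every page. The helper names and the sample sessions are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request


def http_page(base, realm, client_uuid, token, first, size):
    """One page of GET {base}/admin/realms/{realm}/clients/{id}/user-sessions."""
    query = urllib.parse.urlencode({"first": first, "max": size})
    url = f"{base}/admin/realms/{realm}/clients/{client_uuid}/user-sessions?{query}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def sessions_for_user(username, fetch_page, size=100):
    """Walk every page of the client's session list; keep `username`'s sessions.

    fetch_page(first, size) returns one page as a list of session dicts.
    """
    wanted = username.casefold()  # compare usernames case-insensitively
    found, first = [], 0
    while True:
        page = fetch_page(first, size)
        found += [s for s in page if (s.get("username") or "").casefold() == wanted]
        if len(page) < size:  # short (or empty) page: end of the list
            return found
        first += size


# Constructed sample data shaped like the endpoint's response (not real sessions).
SAMPLE = [
    {"id": "sess-1", "username": "alice", "ipAddress": "192.0.2.10", "lastAccess": 1700000100000},
    {"id": "sess-2", "username": "bob", "ipAddress": "192.0.2.11", "lastAccess": 1700000200000},
    {"id": "sess-3", "username": "test", "ipAddress": "192.0.2.12", "lastAccess": 1700000300000},
]


def sample_page(first, size):
    """Offline stand-in for http_page that slices SAMPLE into pages."""
    return SAMPLE[first:first + size]


if __name__ == "__main__":
    hits = sessions_for_user("test", sample_page, size=2)
    print("has session" if hits else "no session", [s["id"] for s in hits])
```

Against a live server, pass a small wrapper around `http_page` as `fetch_page`, with the base URL `http://localhost:8080/auth`, the realm `Test` and the client id from the curl demo above.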

Related

Unable to access github API getting bad credentials error

I am trying to add a custom code check for a PR. After doing some research I found out that it can be done using the API mentioned below.
POST /repos/{owner}/{repo}/check-runs
Initially, it was giving me this error:
{
"message": "You must authenticate via a GitHub App.",
"documentation_url": "https://docs.github.com/rest/reference/checks#create-a-check-run"
}
I followed the guideline provided in this link.
I created a GitHub app.
Gave it required permission.
Generated a private key.
Generated a JWT token using the private key.
Installed the GitHub app in the repo too.
I created a curl request:
curl --location --request POST 'https://api.github.com/repos/X/X-app/check-runs' \
--header 'Accept: application/vnd.github.v3+json' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.X.X-X-SAFvDnSkaJDjMI2T_BAC2iLlRZ7uNyFSe-X-UgFBFjoFrwsbcYFKfDM8f3FNPYpA6afhr18DLZ6rzu35klA' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "loremipsum"
}'
But, now I am getting this error
{
"message": "Bad credentials",
"documentation_url": "https://docs.github.com/rest"
}
I am not sure what I am missing here.
I figured this out. The GH documentation is a bit unclear/misleading. Here are the steps to make this work:
With the JWT bearer token, list your installations and note the installation id for your app:
$ curl -i \
-H "Authorization: Bearer YOUR_JWT" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/app/installations
Then get an installation access token for the above id:
$ curl -i -X POST \
-H "Authorization: Bearer YOUR_JWT" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/app/installations/:installation_id/access_tokens
Then, with that token, create the check run, but use the "Authorization: token" header:
curl -i -H "Authorization: token YOUR_INSTALLATION_ACCESS_TOKEN"

Configuration of reCAPTCHA for Keycloak via CLI

Is there a way to configure reCAPTCHA via the CLI for a Keycloak standalone installation? To be more precise, is it possible to carry out all the steps described here in the Keycloak docs with the help of kcadm.sh?
You can achieve that by using the Keycloak Admin REST API.
The first step is to get an admin token, so that one can call the REST API:
curl -d "client_id=admin-cli" \
-d "username=$ADMIN_NAME" \
-d "password=$ADMIN_PASSWORD" \
-d "grant_type=password" \
https://$KEYCLOAK_IP/auth/realms/master/protocol/openid-connect/token
You will get a JSON response with the admin token. Extract the access token from that response (let's call it $ACCESS_TOKEN).
Now, we need to get the list of all executions linked to the registration flow:
curl -X GET https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/flows/registration/executions \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN"
From that JSON response, extract the id of the entry with "providerId=registration-recaptcha-action". Let's call that id $ID_RECAPTCHA.
Next make the reCaptcha required at the registration:
# The single quotes are closed around $ID_RECAPTCHA so that the shell expands it
CAPTCHA_DATA='{"id":"'"$ID_RECAPTCHA"'","requirement":"REQUIRED","providerId":"registration-recaptcha-action"}'
curl -X PUT https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/flows/registration/executions \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN" \
-d "$CAPTCHA_DATA"
Finally, to configure your own captcha:
CONFIG_DATA='{"config":{"site.key":"<YOUR SITE KEY>","secret":"<YOUR SECRET>","useRecaptchaNet":"<True or False>"},"alias":"<The CAPTCHA ALIAS>"}'
curl -X POST https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/executions/$ID_RECAPTCHA/config \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN" \
-d "$CONFIG_DATA"
Next, the best thing is to automate this process with, for instance, some bash scripts.
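
One way to script the extraction and payload steps above so that a rerun is safe, as an added example in Python (not code from the answer). It builds the request bodies with a JSON encoder instead of hand-quoted shell strings and skips calls that are already done. The function names and sample listing are constructed, and it assumes the executions listing carries an `authenticationConfig` id once a config is attached.

```python
import json

PROVIDER = "registration-recaptcha-action"  # providerId named in the answer


def find_execution(executions, provider_id=PROVIDER):
    """Pick the one execution with this providerId from the flow listing."""
    matches = [e for e in executions if e.get("providerId") == provider_id]
    if len(matches) != 1:
        raise LookupError(f"{provider_id}: expected 1 execution, found {len(matches)}")
    return matches[0]


def plan(execution, alias, site_key, secret, use_recaptcha_net=False):
    """List the (method, path, body) calls still needed for this execution.

    Paths are relative to /auth/admin/realms/$REALM_NAME/authentication.
    """
    calls = []
    if execution.get("requirement") != "REQUIRED":
        body = {"id": execution["id"], "requirement": "REQUIRED",
                "providerId": execution["providerId"]}
        calls.append(("PUT", "/flows/registration/executions", json.dumps(body)))
    # Assumption: authenticationConfig holds the config id once one exists;
    # an existing config is left alone rather than created a second time.
    if not execution.get("authenticationConfig"):
        cfg = {"alias": alias,
               "config": {"site.key": site_key, "secret": secret,
                          "useRecaptchaNet": "true" if use_recaptcha_net else "false"}}
        calls.append(("POST", f"/executions/{execution['id']}/config", json.dumps(cfg)))
    return calls


# Constructed sample of the executions listing (ids are made up).
SAMPLE_EXECUTIONS = [
    {"id": "aaaa-1111", "providerId": "registration-user-creation", "requirement": "REQUIRED"},
    {"id": "bbbb-2222", "providerId": PROVIDER, "requirement": "DISABLED"},
]

if __name__ == "__main__":
    step = find_execution(SAMPLE_EXECUTIONS)
    for method, path, body in plan(step, "my-captcha", "SITE_KEY", 'SE"CRET'):
        print(method, path, body)
```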

How to delete Keycloak realm via REST API

I'm not able to delete realm via REST API on Keycloak 8.0.2.
My Keycloak runs on localhost:38080. I followed this documentation https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_realms_admin_resource, see "Delete the realm" paragraph. First, I got token for admin user at http://localhost:38080/auth/realms/master/protocol/openid-connect/token
curl --location --request POST 'localhost:38080/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'client_id=vga_tests' \
--data-urlencode 'grant_type=password'
Then I used the token and tried to delete the example realm by this call
curl --location --request DELETE 'localhost:38080/auth/Example' \
--header 'Authorization: Bearer <TOKEN HERE>' \
--header 'Content-Type: application/json' \
--data-raw ''
(Note: curl commands are exported Postman calls)
I got this 404 response
{
"error": "RESTEASY003210: Could not find resource for full path: http://localhost:38080/auth/Example"
}
What am I doing wrong?
The documentation is incorrect; the address I needed to send the DELETE request to is localhost:38080/auth/admin/realms/example
curl command:
curl --location --request DELETE 'localhost:38080/auth/admin/realms/example' \
--header 'Authorization: Bearer <TOKEN HERE>' \
--header 'Content-Type: application/x-www-form-urlencoded'
Alternatively, using the CLI interface (search for "deleting a realm"),
you can do:
$ kcadm.sh delete realms/example

keycloak 4.8 Rest API

I'm trying to retrieve the users list of a specific realm.
I've read this documentation uri schema user resource
So I've tried the following curl cmd:
curl \
-X GET \
-H "Authorization: bearer $KC_ACCESS_TOKEN" \
"http://localhost:8080/auth/$KC_REALM/users"
I got a 404 error.
The user exists in the realm and has the view-users role.
This is the docker-compose file that I'm using to test the env (docker-compose.yml)
Try:
curl \
-X GET \
-H "Authorization: bearer $KC_ACCESS_TOKEN" \
"http://localhost:8080/auth/admin/$KC_REALM/users"
Try this
curl \
-X GET \
-H "Authorization: bearer $KC_ACCESS_TOKEN" \
"http://localhost:8080/auth/admin/realms/{realm}/users"

Parse REST API for Login

I am using the Parse REST Login API but I am getting an invalid login parameter error. Then I tried the login example from https://parse.com/docs/rest/guide/#users-logging-in
curl -X GET \
-H "X-Parse-Application-Id: <App_ID>" \
-H "X-Parse-REST-API-Key: <REST_ID>" \
-H "X-Parse-Revocable-Session: 1" \
-G \
--data-urlencode 'username=<username>' \
--data-urlencode 'password=<password>' \
https://api.parse.com/1/login
I used the above curl command as it is (replacing AppID/RESTID/username and password) in the terminal and I got the same error
{"code":101,"error":"invalid login parameters"}
I believe the above command should work as it is in the terminal. Has anyone used the REST API for login?