Add protocol mapper to client via keycloak REST API - keycloak

By the latest Keycloak's REST API documentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_protocol_mappers_resource, I can't find enough information to add a new protocol mapping with mapper type 'Audience' by REST API. I am able to do it by Keycloak UI (See attached) and now I would like to automate it to our DevOps pipeline.
I wonder if the only way to find out the json content is to look at the request payload of the POST Request suggested by this post:
Where are all of the Keycloak Protocol Mapper Config Options documented?
There are also some information on keycloak ui : in the browser's debugger console (mapper types)

You need to issue an HTTP POST request to http://<host>:<port>/admin/realms/<realm_name>/clients/<client_id>/protocol-mappers/models
with a payload like this
{
"protocol":"openid-connect",
"config": {
"id.token.claim":"false",
"access.token.claim":"true",
"included.client.audience":"admin-cli",
"included.custom.audience":"custom_audience"
},
"name":"Audience Mapper",
"protocolMapper":"oidc-audience-mapper"
}

Related

Configuring Keycloak through its REST API with cUrl

I need to configure Keycloak to get a JWT token as in this blog post, but I have to do it with cUrl. They create a client and then update it setting access type to confidential, Direct Grant Flow to direct grant, and Browser Flow to browser. The PUT request from the web UI that does this has some uuids that they seem to have pulled out of nowhere. Here is the relevant part of the payload:
"authenticationFlowBindingOverrides":{"browser":"6d77c4c7-15cf-4474-9b9f-7439dbc83b83","direct_grant":"5cb10cdb-9902-4f7f-b9da-68f887c49a75"}
The docs for the ClientRepresentation are no help. They show all fields are optional, which doesn't make sense, and the authenticationFlowBindingOverrides is a Map, but the link in their docs for the Map is dead.
Does anyone know where they get the uuids for browser and direct_grant from?
There is also nothing in the PUT payload that sets the Access Type to confidential.
If anyone has a cUrl implementation of the UI steps in the blog post that would be greatly appreciated.
The PUT request from the web UI that does this has some uuids that
they seem to pull out of nowhere.
Those uuids are generated by keycloak to get them you need to call the endpoint:
GET KEYCLOAK_HOST/auth/admin/realms/<YOUR_REALM>/authentication/flows
From the JSON response you need to parser it and get the field id of both the alias: "browser" and the alias: "direct grant".
After that call the endpoint:
PUT KEYCLOAK_HOST/auth/admin/realms/<YOUR_REALM>/clients/<YOUR_CLIENT_ID>
with the following payload:
'{"publicClient":false,"clientAuthenticatorType":"client-secret","authenticationFlowBindingOverrides":{"direct_grant":"<DIRECT_GRANT_ID>","browser":"<BROWSER_ID>"}}'
There is also nothing in the PUT payload that sets the Access Type to
confidential.
You need to set the field publicClient to false.

Api calling with .netcore with docker

I am new to .net-core and docker. The problem I am going to explain here is a bit tricky, but if you have any type of questions please do ask me and I will explain it more clearly.
So, I have a docker container running on my localhost for whatsapp business api, as explained in Whatsapp Business Api Documentation.
I have already downloaded Postman Collection of Whatsapp Business Api from Whatsapp Business Postman Collection.
Everything seems to be working perfectly fine. But now I want to call these pre-built apis with .net-core and get the responses. As I couldn't find anything good, or also as a newbie it's difficult for me to understand. So for some knowledge I would like to know How can I call them and get the effective response. For example, take an example of a post request for admin login
API:
{{URL}}/v1/users/login
Authorization -> (Basic Auth)
username: admin
password: ****
RESPONSE:
{
"users": [
{
"token": "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyIjoiYWRtaW4iLCJpYXQiOjE1NTk5MTE1NTUsImV4cCI6MTU2MDUxNjM1NSwid2E6cmFuZCI6LTQxMzgyNDE0MjYwMDI5NjA1OTl9.PYAhEilXX3GDhRo0O-M0V0aXWfL5THJkG65LfIesxh4",
"expires_after": "2019-06-14 12:45:55+00:00"
}
],
"meta": {
"version": "v2.23.4",
"api_status": "stable"
}
}
the images for more explanation can be seen below in the request and response links.
The Login Authentication UI Image.
The Login Authentication Postman Image.
The Login Authentication Response New Password UI Image.
The Login Authentication Response Postman Image.
Now with this token I can create more users by other api calls.
How can I call an api like this and get the response with token and use that token for more functionalities or api calls with .netcore.
Thank you.
Your question is very broad, but in general, you want to create a service class where you inject a typed HttpClient instance (see: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/http-requests?view=aspnetcore-2.2#typed-clients).
The token can be stored on a private field or property in that service class. Then, just create a private method like GetTokenAsync in the service class, where you will either get the value from the field, or if it's null, then call the API to get it. All your other methods will then call GetTokenAsync to get the token they need, and make their own calls. Finally, inject the service class where you need it.

What's the correct uri for QBO v3 API update operation?

I'm trying to use the QBO v3 API object update function described here. The API explorer shows a different uri.
I'm trying to update an account with Id 42. Both of the following URIs get me a 401:
As the documentation would suggest:
https://quickbooks.api.intuit.com/v3/company/0123456789/account?requestid=42
(the above at least gives me a json blob with the 401)
As the api explorer would suggest:
https://qb.sbfinance.intuit.com/v3/company/0123456789/account?operation=update
(here I don't even get the json, just a plain 401)
My request body is successful when I use the api explorer, so I don't believe that's the problem. I also don't believe authentication is the problem, because I can successfully create objects and also make queries with the same headers.
What might I be missing?
Don't put the Account object's ID into the URL. The [?requestid=] from the documentation you mentioned apparently refers to an id related to the request (not the object in question). The API Explorer's URI appears to simply mislead (although I could certainly be missing something here).
In your example, just use this:
https://quickbooks.api.intuit.com/v3/company/0123456789/account
Let the headers and request body do the rest.
Correct BASE URI: https://quickbooks.api.intuit.com/v3/company/
you can refer example request/response section of any entity doc.
Ref -https://developer.intuit.com/docs/0025_quickbooksapi/0050_data_services/030_entity_services_reference/bill
To debug(401 authentication issue), you can use any standard RestClient.
In the following thread, I've explained how to use RestClinet plugin of Mozilla to test any QBO V3 endpoint.
InvalidTokenException: Unauthorized-401
You can download IPP's devkit and using that devkit you can call any endpoints easily.
https://developer.intuit.com/docs/0025_quickbooksapi/0055_devkits
Hope it will be useful.
Thanks

wso2 api manager 1.6.0 query parameters not accepted

I am using wso2 API manager 1.6.0 and would like to create an API which accepts any POST
on /users resource followed by any query parameter such as "clientid" (as described below)
restserver.com:8280/context/1/users?clientid=333
I have created an API in API publisher as follow :
URL Prefix URL Pattern HTTP Verb
/context/1 /users/* POST
Any POST on /users is accepted but as sson as I add a query paramter /users?clientid=333 , the request is rejected by the API Manager gateway with 403 error.
Could someone advice me on this and what should be the correct url-mapping format ?
The resulting url-mapping in synapse config file is as follow : (synapse-configs/default/api/)
Thanks a lot.
JS
For this you need to define uri-template instead of uri-mapping. This blog post explains more about this.
For your case I got it working as following.
Open your API configuration source which can be found at AM_HOME\repository\deployment\server\synapse-configs\default\api folder.
In the resource tag change url-mapping="/users/*" attribute to uri-template="/users/*"
But you will have to invoke the API as follows with additional context because when you say /users/* it means anything can come after users/. So you need to have a / after users context.
restserver.com:8280/context/1/users/usr?clientid=333

Sending the post method contents in REST invocation from WSO2 ESB

I have been trying to invoke a rest operation from my wso2 ESB and was successful in invoking the rest post method from WSO2 ESB. But, un luckily i was not able to access the data that i posted, neither through request parameters nor through request attributes.
PS: I don't want to frame a get kind of URLs for my post request.
is there a solution to this ?
You need to use the correct content type so it will preserve POST request data.This post will help you to understand the reason.
Edit.
1) Add the following entry to axis2.xml in message builders.
<messageBuilder contentType="application/x-www-form-urlencoded"
class="org.apache.synapse.commons.builders.XFormURLEncodedBuilder"/>
2) then access the required parameter in esb using
<property name="NameOfTheProperty" expression="//xformValues/NameOfTheProperty/text()"/>