Configuration of reCAPTCHA for Keycloak via CLI - keycloak

Is there a way to configure reCAPTCHA via the CLI for a Keycloak standalone installation? To be more precise, is it possible to carry out all the steps described here in the Keycloak docs with the help of kcadm.sh?

You can achieve that by using Keycloak Admin REST API.
The first step is to get an admin token, so that one can call the Rest API:
curl -d "client_id=admin-cli" \
-d "username=$ADMIN_NAME" \
-d "password=$ADMIN_PASSWORD" \
-d "grant_type=password" \
https://$KEYCLOAK_IP/auth/realms/master/protocol/openid-connect/token
You will get a json response with the admin token. Extract the access token from that response (lets called $ACCESS_TOKEN).
Now, we need to get the list of all executions linked to the registration flow:
curl -X GET https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/flows/registration/executions \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN"
From that json response, extract the id of the "providerId=registration-recaptcha-action". Lets call that id, $ID_RECAPTCHA.
Next make the reCaptcha required at the registration:
CAPTCHA_DATA='{"id":"$ID_RECAPTCHA","requirement":"REQUIRED","providerId":"registration-recaptcha-action"}'
curl -X PUT https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/flows/registration/executions \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN"\
-d "$JSON_DATA"
Finally, to configure your own captcha:
CONFIG_DATA='{"config":{"site.key":"<YOUR SITE KEY>","secret":"<YOUR SECRET>","useRecaptchaNet":"<True or False>"},"alias":"<The CAPTCHA ALIAS>"}'
curl -X POST https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/executions/$ID_RECAPTCHA/config \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN"\
Next, the best thing is to automatize this process with, for instance, some bash scripts.

Related

Adding filter with curl for github api

How do i add the 2fa filter in curl for the github api?Here is an image of the documentation page, however it does not specify how to add the filter for 2fa.
Thanks so much!
I have tried using a "?":
curl
-H "Accept: application/vnd.github+json"
-H "Authorization: Bearer """
-H "X-GitHub-Api-Version: 2022-11-28"
https://api.github.com/orgs/"my_org_name"/members?2fa_disabled
According to the documentation, the query-parameter you need is called filter with the value 2fa_disabled. Therefore your curl command should look the following:
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/members?filter=2fa_disabled
Keep in mind that this options is only available for organization owners.
Documentation: https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#list-organization-members

Github REST Api get workflow runs for a specific date range with cURL

I am trying to query Github's REST API to list workflow runs for specific date ranges.
Here's an example curl call:
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/[OWNER]/[REPO]/actions/runs?created:2023-01-01..2023-01-02"
From what I understand from the documentation, this is how I should be able to retrieve only results from Jan 1st and 2nd of 2023. But it does not work, my result is always the latest runs.
What am I doing wrong?
you should use the = symbol instead of :, like:
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $GITHUB_ACCESS_TOKEN" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/[OWNER]/[REPO]/actions/runs?created=2023-01-01..2023-01-02"

keycloak 4.8 Rest API

I'm trying to retrive the users list of a specific realm.
I've read this documentation uri schema user resource
So i've tried the following curl cmd:
curl \
-X GET \
-H "Authorization: bearer $KC_ACCESS_TOKEN" \
"http://localhost:8080/auth/$KC_REALM/users"
I got a 404 error.
The user exist in the realm and has the view-users role.
This is the docker-compose file that i'm using to test then env (docker-compose.yml)
Try:
curl \
-X GET \
-H "Authorization: bearer $KC_ACCESS_TOKEN" \
"http://localhost:8080/auth/admin/$KC_REALM/users"
Try this
curl \
-X GET \
-H "Authorization: bearer $KC_ACCESS_TOKEN" \
"http://localhost:8080/auth/admin/realms/{realm}/users"

POST request to google cloud storage using Curl

In the following Curl command, content type and content length and access bearer are attached to my bucket URI to upload a file to google cloud storage.
C:\softwares\curl>curl -X POST -H "Content-Type:application/json" \
-H "Content-Length:100" \
-H "Authorization: Bearer <MY_OAUTH2_TOKEN>" \
"https://www.googleapis.com/upload/storage/v1/b/kids-74096.appspot.com/o?uploadType=media&name=newcurl" \
-d '{"text":"something"}'
But I am getting this error:
curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
Make sure to include a Content-Type header, and ensure that your Content-Length matches the length of the data you're sending. Here's an example:
curl -k -v -X POST \
-H "Authorization: Bearer <your_oauth2_token>" -H "Content-Length: 8" \
-H "Content-Type: text/plain" \
'https://www.googleapis.com/upload/storage/v1/b/your-bucket/o?uploadType=media&name=yourobjectname' \
-d 'yourdata'
As suggested in the comments, you might find it easier to use gsutil or the Cloud Storage client libraries to accomplish this.

Request to VSTS REST API only works on Postman

I'm trying to run this request
curl -X POST \
'https://*****.visualstudio.com/DefaultCollection/_apis/wit/wiql?=&api-version=1.0' \
-H 'authorization: Basic *****' \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-H 'postman-token: *****' \
-d '{
"query": "SELECT [System.Id] FROM WorkItems"
}'
but I keep getting this error
{"count":1,"value":{"Message":"A value is required but was not present in the request.\r\n"}}
It works as expected on Postman, so I think the request and the server are OK.
I'm trying to follow the first example shown here: https://www.visualstudio.com/en-us/docs/integrate/api/wit/wiql
Am I missing something?
The URL is wrong, remove =& from the REST API url and the url will be like this:
https://*****.visualstudio.com/DefaultCollection/_apis/wit/wiql?api-version=1.