通过 cURL 获取访问令牌
Obtaining an access token via cURL
简单问题:
为什么以下代码有效...(returns 访问令牌很好)
curl --data "grant_type=client_credentials&client_id=synchronization_tool&client_secret=8f6a6e73-66ca-4f8f-1234-ab909147f1cf" http://localhost:8080/auth/realms/master/protocol/openid-connect/token
而这个没有?
curl -d '{"grant_type":"client_credentials","client_secret":"8f6a6e73-66ca-4f8f-1234-ab909147f1cf","client_id":"synchronization_tool"}' http://localhost:8080/auth/realms/master/protocol/openid-connect/token -H "Content-Type: application/json"
它给了我:
"error":"invalid_request","error_description":"Missing form parameter: grant_type"}
不应该是两个完全相似的请求吗?
好吧,那些 cURL 查询似乎不是模拟的。
此外,端点 http://localhost:8080/auth/realms/master/protocol/openid-connect/token 不理解 JSON,它只接受 x-www-form-urlencoded 查询。
curl -d 'client_id=xxx' -d 'username=xxx' -d 'password=xxx' -d 'grant_type=password' 'http://localhost:8080/auth/realms/YOUR_REALM_NAME/protocol/openid-connect/token' | python -m json.tool
这对我有用,它会给你 access_token 和 session_token
卷曲命令:
curl \
-d "client_id=account" \
-d "client_secret=d5141c8b-ea12-4320-a500-74a046083c08" \
-d "grant_type=client_credentials" \
"http://localhost:9080/auth/realms/myrealm/protocol/openid-connect/token"
回复:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJvd0xKUUZXbmVldV9ORm9WOUZKNkVrQW84SDVfN3RReDc2RTEyRnR3YkhzIn0.eyJleHAiOjE2NDc2NTQzNTAsImlhdCI6MTY0NzY1MDc1MCwianRpIjoiMzU3NGRmN2YtMjFjMi00OGUxLTk2NDUtYjVjNGM4ODM4MjNkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MDgwL2F1dGgvcmVhbG1zL215cmVhbG0iLCJhdWQiOiJzZWN1cml0eS1hZG1pbi1jb25zb2xlIiwic3ViIjoiZjhhMjQ4YjUtZDkyNS00N2RiLTlmYTYtNTFkY2UyYTIxY2E2IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWNjb3VudCIsImFjciI6IjEiLCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJjbGllbnRIb3N0IjoiMTcyLjE3LjAuMSIsImNsaWVudElkIjoiYWNjb3VudCIsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1hY2NvdW50IiwiY2xpZW50QWRkcmVzcyI6IjE3Mi4xNy4wLjEifQ.OoSm7YQksfB42Ll0QIe3eOMYFpb_AUQQOJj34sigyRJ953GyqeEEm9vjjeV2HuFecfmFeNX4IHwPHPMPoN4MovsHPvajK9AEiFnBmrLo6f3pzk25FTellRM3er_v_9vH0PVm22vg9YrR2fGCvCsJ0w9ULmjnO2jtR7XMaFw0Kw65RrCSaF1HDy1V-_QRAtRQNYBbkEeDomQ5fLei3eKHT498FBACbnsnxi0MvDtlUg-5ttf6r-Okb29JkNnMmYukgTNHQJOuQh4Htvkr_L0HQj3HoVt8mFFA3oSbe7m4IDydFbGBO5ZuooseRDFPMFU7UzMfQjy-pTO8r1C1Yu0fQw",
"expires_in": 3600,
"refresh_expires_in": 0,
"token_type": "Bearer",
"not-before-policy": 0,
"scope": "profile email"
}
简单问题:
为什么以下代码有效...(returns 访问令牌很好)
curl --data "grant_type=client_credentials&client_id=synchronization_tool&client_secret=8f6a6e73-66ca-4f8f-1234-ab909147f1cf" http://localhost:8080/auth/realms/master/protocol/openid-connect/token
而这个没有?
curl -d '{"grant_type":"client_credentials","client_secret":"8f6a6e73-66ca-4f8f-1234-ab909147f1cf","client_id":"synchronization_tool"}' http://localhost:8080/auth/realms/master/protocol/openid-connect/token -H "Content-Type: application/json"
它给了我:
"error":"invalid_request","error_description":"Missing form parameter: grant_type"}
不应该是两个完全相似的请求吗?
好吧,那些 cURL 查询似乎不是模拟的。
此外,端点 http://localhost:8080/auth/realms/master/protocol/openid-connect/token 不理解 JSON,它只接受 x-www-form-urlencoded 查询。
curl -d 'client_id=xxx' -d 'username=xxx' -d 'password=xxx' -d 'grant_type=password' 'http://localhost:8080/auth/realms/YOUR_REALM_NAME/protocol/openid-connect/token' | python -m json.tool
这对我有用,它会给你 access_token 和 session_token
卷曲命令:
curl \
-d "client_id=account" \
-d "client_secret=d5141c8b-ea12-4320-a500-74a046083c08" \
-d "grant_type=client_credentials" \
"http://localhost:9080/auth/realms/myrealm/protocol/openid-connect/token"
回复:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJvd0xKUUZXbmVldV9ORm9WOUZKNkVrQW84SDVfN3RReDc2RTEyRnR3YkhzIn0.eyJleHAiOjE2NDc2NTQzNTAsImlhdCI6MTY0NzY1MDc1MCwianRpIjoiMzU3NGRmN2YtMjFjMi00OGUxLTk2NDUtYjVjNGM4ODM4MjNkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MDgwL2F1dGgvcmVhbG1zL215cmVhbG0iLCJhdWQiOiJzZWN1cml0eS1hZG1pbi1jb25zb2xlIiwic3ViIjoiZjhhMjQ4YjUtZDkyNS00N2RiLTlmYTYtNTFkY2UyYTIxY2E2IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWNjb3VudCIsImFjciI6IjEiLCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJjbGllbnRIb3N0IjoiMTcyLjE3LjAuMSIsImNsaWVudElkIjoiYWNjb3VudCIsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1hY2NvdW50IiwiY2xpZW50QWRkcmVzcyI6IjE3Mi4xNy4wLjEifQ.OoSm7YQksfB42Ll0QIe3eOMYFpb_AUQQOJj34sigyRJ953GyqeEEm9vjjeV2HuFecfmFeNX4IHwPHPMPoN4MovsHPvajK9AEiFnBmrLo6f3pzk25FTellRM3er_v_9vH0PVm22vg9YrR2fGCvCsJ0w9ULmjnO2jtR7XMaFw0Kw65RrCSaF1HDy1V-_QRAtRQNYBbkEeDomQ5fLei3eKHT498FBACbnsnxi0MvDtlUg-5ttf6r-Okb29JkNnMmYukgTNHQJOuQh4Htvkr_L0HQj3HoVt8mFFA3oSbe7m4IDydFbGBO5ZuooseRDFPMFU7UzMfQjy-pTO8r1C1Yu0fQw",
"expires_in": 3600,
"refresh_expires_in": 0,
"token_type": "Bearer",
"not-before-policy": 0,
"scope": "profile email"
}