如何在密钥斗篷中使用机密客户端?
How to use confidential client in keycloak?
我有链接到用户的 OpenID public 类型的客户端。我可以登录到该用户并在 access 中获取令牌。
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.put("grant_type", List.of("password"));
headers.put("client_id", List.of("client-id"));
headers.put("username", List.of("username"));
headers.put("password", List.of("password"));
headers.put("scope", List.of("openid"));
String reponse = new RestTemplate()
.postForObject("https://domain/auth/realms/r/protocol/openid-connect/token", headers, String.class);
但是对于链接到用户的 'confidential' 类型客户端,我以相同的方式获取令牌。收到错误 401。
那么,我该如何验证机密类型呢?
您还需要为机密客户端 -client_secret 参数发送客户端机密。所以在你的情况下:
headers.put("client_secret", List.of("client_secret"));
注意:您可以在 Keycloak 客户端配置 Credentials 部分找到客户端密钥值 - 它取决于使用的 Client Authenticator,因此它可能会更复杂。
您未在请求中发送 client_secret。
Confidential clients are required to provide a client secret when they exchange the temporary codes for tokens. Public clients are not required to provide this client secret.
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.put("grant_type", List.of("password"));
headers.put("client_id", List.of("client-id"));
headers.put("client_secret", List.of("client-secret"));
headers.put("username", List.of("username"));
headers.put("password", List.of("password"));
headers.put("scope", List.of("openid"));
String reponse = new RestTemplate()
.postForObject("https://domain/auth/realms/r/protocol/openid-connect/token", headers, String.class);
我有链接到用户的 OpenID public 类型的客户端。我可以登录到该用户并在 access 中获取令牌。
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.put("grant_type", List.of("password"));
headers.put("client_id", List.of("client-id"));
headers.put("username", List.of("username"));
headers.put("password", List.of("password"));
headers.put("scope", List.of("openid"));
String reponse = new RestTemplate()
.postForObject("https://domain/auth/realms/r/protocol/openid-connect/token", headers, String.class);
但是对于链接到用户的 'confidential' 类型客户端,我以相同的方式获取令牌。收到错误 401。 那么,我该如何验证机密类型呢?
您还需要为机密客户端 -client_secret 参数发送客户端机密。所以在你的情况下:
headers.put("client_secret", List.of("client_secret"));
注意:您可以在 Keycloak 客户端配置 Credentials 部分找到客户端密钥值 - 它取决于使用的 Client Authenticator,因此它可能会更复杂。
您未在请求中发送 client_secret。
Confidential clients are required to provide a client secret when they exchange the temporary codes for tokens. Public clients are not required to provide this client secret.
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.put("grant_type", List.of("password"));
headers.put("client_id", List.of("client-id"));
headers.put("client_secret", List.of("client-secret"));
headers.put("username", List.of("username"));
headers.put("password", List.of("password"));
headers.put("scope", List.of("openid"));
String reponse = new RestTemplate()
.postForObject("https://domain/auth/realms/r/protocol/openid-connect/token", headers, String.class);