|
I posted last week[^] about how I was developing a new component which is intended to help you interact with, and administer Keycloak instances. The first operation in Keycloak is the ability to generate an access token for a user; this capability lies at the heart of pretty much every operation. Now, if I were doing this via curl, this would be the command I would issue.
curl \
-d "client_id=admin-cli" \
-d "username=admin" \
-d "password=password" \
-d "grant_type=password" \
"http://localhost:8080/realms/master/protocol/openid-connect/token" All very straightforward, but I want to provide code access to the APIs. Right now, to do the same thing, I have a large number of classes, but the simplicity I was talking about last week allows me to write minimal APIs that look like this.
using Keycloak.Core.Authentication;
using Keycloak.Core.Models;
using Keycloak.Core.Options;
using Microsoft.Extensions.Options;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddHttpClient();
builder.Services.AddOptions<KeycloakConnectionOptions>()
.BindConfiguration("keycloak").
ValidateDataAnnotations().
ValidateOnStart();
builder.Services.AddTransient<Authorize>();
builder.Services.AddSingleton(r => r.GetRequiredService<IOptions<KeycloakConnectionOptions>>().Value);
var app = builder.Build();
app.MapGet("/", () => "Hello World");
app.MapGet("/token", async (Authorize authorize) =>
{
var options = builder.Configuration.GetSection("keycloak").Get<KeycloakConnectionOptions>();
Token token = await authorize.GetAccessToken(options, "CP", "Master");
return Results.Ok(token);
});
app.Run(); Behind this, I have a really simple JSON structure:
"keycloak": {
"AuthorizationServerUrl": "http://localhost:8080/",
"Realms": [{
"Key": "CP",
"Realm": "CP",
"SslRequired": "External",
"Resource": "CP-Test",
"AuthenticationOptions": [{
"Key": "Master",
"AuthenticationType": "Password",
"Password": {
"Username": "peter",
"Password": "peter"
}
}]
}]
} I love simplicity and I love that fast iterations allow me to turn the code around really quickly, including validating the options to make sure they follow my Keycloak connection rules.
|
|
|
|
|
Part of me liked this post because I didn't understand any of it, and it helps remind me of how half my discussions come off to others.
To err is human. Fortune favors the monsters.
|
|
|
|
|
Can relate. Was a temporary math teacher at one point
|
|
|
|
|
This post and all of @code-witch posts make me feel like am a fraud at my work place.
|
|
|
|
|
If it makes you feel better, I didn't understand the OP either.
To err is human. Fortune favors the monsters.
|
|
|
|
|
What does it make me if I understand Pete's post completely and almost all of Honey's posts?
On second thought, don't answer that question.
|
|
|
|
|
Pete O'Hanlon wrote: Behind this, I have a really simple JSON structure:
What happens when the json is missing the 'AuthorizationServerUrl' completely? Or it has been incorrectly entered and is not a valid url?
What happens if the password is wrong or expired?
|
|
|
|
|
The options are validated to make sure the values are supplied. There's a lot of validation in here, and a lot more coming. This isn't just dump and throw. That's what is happening in the ValidateDataAnnotations part.
modified 15-Feb-23 13:41pm.
|
|
|
|
|
Very interesting , and I am curious about Keycloak.Core.... library.
I guess this is work in progress (?)
|
|
|
|
|
While I am working on it, you can find the source in Github[^]. It's very rough while I add features to it.
|
|
|
|
|
Great thank you for the link, I am curious about testing OAuth 2.0 flows, I will plan/try something along this line, BR
|
|
|
|
|
Lost me in details. I see similarity of JSON and curl validations, but details flew right by. To be honest I don't what Keycloak is. I assume some sort of validation system.
"A little time, a little trouble, your better day"
Badfinger
|
|
|
|
|
Yes, indeed ... it supports OAuth 2 scenarios for http endpoint protection ( Keycloak ), and it is an alternative for IS 4 ...
|
|
|
|
|
Thank you peterkm. I appreciate the info. Ask and you shall learn.
BTW I do
Worldle - Guess the Country![^]
and today (Feb 15, 2023) is was Belgium.
Extremely good beer for a Yankee like me.
"A little time, a little trouble, your better day"
Badfinger
|
|
|
|
|
Quote: Extremely good beer for a Yankee like me. Thanks for the recognition ... all credits go to Belgian/Flemish monks who created "Trappist Westmalle Dubbel", "Westvleteren", and some more ... Being careful is necessary as they are quite strong 8-9% or even more ...
|
|
|
|
|
Keycloak is an identity and access management system. I find it to be easier to use than Identity Manager, and it has the benefit of being free. If you want user management that is easy to control, and that integrates with federated sources such as Facebook, Twitter, and Microsoft, this is the place to be.
|
|
|
|
|
var bs = builder.Services;
bs.Add...
etc.
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
|
|
|
|
|
Flow dog torn. (7)
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
|
Nice one
Life should not be a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming “Wow! What a Ride!" - Hunter S Thompson - RIP
|
|
|
|
|
I agree.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Damnit! I got distracted and forgot to post the solution in time.
Do you want to be up tomorrow, or should I take it?
Flow
dog CUR
torn RENT
CURRENT
Good clue!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Sorry I fell asleep before the deadline (my midnight).
It's all yours - I have a regular Thursday meeting that often runs over the posting time anyway.
Cheers,
Peter
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
|
Can you delete open tabs in EDGE one by one like Firefox with X in tab?
"A little time, a little trouble, your better day"
Badfinger
|
|
|
|
|
If you mean the "X" in the open page tab you use to select a page to view out of the five or six you have open, then yes - just click it and it'll close.
Or you can use CTRL+F4 to close the current page.
This doesn't mean I use Edge willingly - for some stupid reason Microsoft pages don't open properly in Chrome (the only site that doesn't) on my desktop but do on the Surface and in Edge ...
Otherwise it would sit there and be ignored for another decade.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
ctrl-w
"If we don't change direction, we'll end up where we're going"
|
|
|
|