[keycloak-user] login via curl

Ronald Demneri ronald.demneri at amdtia.com
Fri Aug 31 05:00:59 EDT 2018


Hello,

Yes I receive an error, I had not configured the account client to use Direct Access Grants, once I changed that I was able to receive the access and refresh tokens.

Let me explain a bit what I am trying to achieve:
I have a Jenkins instance where I have installed and configured the OIDC plugin. Basically login works as it should, but the global log out does not. In chrome I can see that the logout URL that Jenkins sends is this one:

http://keycloak:8080/auth/realms/test/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2Fjenkins%3A8080/?id_token_hint=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJZVWJyelJBSUJZemE5bkRUMVZxVmhYWGN5M1VaQ0hNZ1A2S3ZoUXMtOUcwIn0.eyJqdGkiOiJhYjZhZDkwNy01MDViLTQ5YmMtYTdmOC0yMzllNGJlYjE0MTIiLCJleHAiOjE1MzU1NTQyOTMsIm5iZiI6MCwiaWF0IjoxNTM1NTUzOTkzLCJpc3MiOiJodHRwOi8va2V5Y2xvYWs6ODA4MC9hdXRoL3JlYWxtcy90ZXN0LWxoaW5kIiwiYXVkIjoiamVua2lucy1jbGllbnQiLCJzdWIiOiJhY2NmNWJiYi0xZDNkLTRiMDItYWZlMi1iOGZkM2RkMTQ1NDgiLCJ0eXAiOiJJRCIsImF6cCI6ImplbmtpbnMtY2xpZW50IiwiYXV0aF90aW1lIjoxNTM1NTUzOTkzLCJzZXNzaW9uX3N0YXRlIjoiMzQ5Y2Q3ZjMtMjcyMS00MTdmLTg3ZmMtMjJlYmExMDkyOTg0IiwiYWNyIjoiMSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdDEifQ.LuwrieAEQ6eeAaMAir8H42SwwGDqsM8SqLdyDf6vZiHgEtG7Se9zu3iSISmjhzmi1a7t3Hmz4LrzigWNoTQJs7IEMG0xzF3U9OdwzQSK-Lb989IXt_xfYH2vBAZ-jYpFgoCYC-c4vfTf-74-iBP4IPQzeWl31LHarkcD4PemVsZCkUbLnODbCC6fZ2MnJnP_KAC5uVgCvXqfauf0HP8skbPp9tajUm4skuns3rfv2JeLJHIbwdmWSVkqpircWtYGx6j88NKAiudlRGL3vxBx6bC49BZpioK7Q0vXVmt1R24iykp-GyG5H10UiKidzhKS2WcGGmNFhRbGgOcLPEqWFA&state=N2M2MGQ5NDctOGM1OS00&post_logout_redirect_uri=

Sure enough, it displays an “Invalid redirect uri” in Keycloak. So I was trying to mimic the situation with curl and to see whether the issue still remains and I have to check the configurations in Keycloak, or if the Jenkins plugin does not send Keycloak the uri as Keycloak expects it.

Makes sense?

Regards,
Ronald

From: KevinO <oneal.kevin at gmail.com>
Sent: Thursday, August 30, 2018 5:51 PM
To: Ronald Demneri <ronald.demneri at amdtia.com>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] login via curl

Whenever I run
curl -v -d "client_id=amin-cli" -d "username=admin" -d "password=keycloak" -d "grant_type=password" "http://localhost:8070/auth/realms/External/protocol/openid-connect/token"
if something is incorrect, I get a message like
{"error":"invalid_grant","error_description":"Invalid user credentials"}
Are you getting any json reponse?
What does the log say?

On Thu, Aug 30, 2018 at 10:35 AM Ronald Demneri <ronald.demneri at amdtia.com<mailto:ronald.demneri at amdtia.com>> wrote:
Yeah, tried that as well, same result. Any other ideas?

Thanks in advance,
Ronald

Sent from my HTC

----- Reply message -----
From: "KevinO" <oneal.kevin at gmail.com<mailto:oneal.kevin at gmail.com>>
To: "Ronald Demneri" <ronald.demneri at amdtia.com<mailto:ronald.demneri at amdtia.com>>
Cc: "keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>" <keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
Subject: [keycloak-user] login via curl
Date: Thu, Aug 30, 2018 17:26

Try

curl -d "client_id=account" -d "username=test1" -d "password=1234t1" -d "grant_type=password" "http://localhost:8070/auth/realms/test/protocol/openid-connect/token


On Thu, Aug 30, 2018 at 4:34 AM Ronald Demneri <ronald.demneri at amdtia.com<mailto:ronald.demneri at amdtia.com>> wrote:
Greetings everyone,

I am testing the possibility to login via curl to the account client in my test realm and then use the tokens to access another client. I have tried this:
curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "cache-control: no-cache" \
-d "grant_type=password&scope=openid&client_id=account&username=test1&password=1234t1" \
"http://keycloak:8080/auth/realms/test /protocol/openid-connect/token" \
-v

But it gives me:
* upload completely sent off: 81 out of 81 bytes
< HTTP/1.1 400 Bad Request
< Connection: keep-alive
< Content-Type: application/json
< Content-Length: 91

What am I doing wrong and apologies if this question has been asked before.

Keycloak version is 4.1.0.Final

Ronald

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list