<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
See our direct grant API. Here's an example:<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java</a><br>
<br>
I *STRONGLY* suggest you do not use the direct grant API for
browser-based applications. Otherwise you lose 90% of the features
of Keycloak. Use the direct grant API for REST clients, that's what
it was designed for. <br>
<br>
<div class="moz-cite-prefix">On 2/16/2016 1:59 AM, Sarp Kaya wrote:<br>
</div>
<blockquote cite="mid:D2E905E8.28CE%25akaya@expedia.com" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div>Hello,</div>
<div><br>
</div>
<div>I want my users to be able to login via API calls with our
without requiring a browser. I looked at examples and found
customer-app-cli, however I realised that even with manual
login, the current workflow requires a browser to login. I found
that every time when </div>
<div><a moz-do-not-send="true"
href="http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=customer-portal-cli&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob">http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=customer-portal-cli&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob</a></div>
<div><br>
</div>
<div>this page loads we get a form with a different code. In
theory we should be able to just stick username and password in
the body and be able to get 302 response. However when I get the
curl equivalent of what browser is doing I’ve gotten the below:</div>
<div><br>
</div>
<div>curl
'<a class="moz-txt-link-freetext" href="http://localhost:8080/auth/realms/demo/login-actions/authenticate?code=oY8nS7rFOlwYHNJwWS6kcw88jbxluo8EuDmZ_o5TWsw.431db3e8-6234-4ba5-8818-ed0335b8ee72&execution=08d88824-1286-4455-b5d1-07240bda8efd">http://localhost:8080/auth/realms/demo/login-actions/authenticate?code=oY8nS7rFOlwYHNJwWS6kcw88jbxluo8EuDmZ_o5TWsw.431db3e8-6234-4ba5-8818-ed0335b8ee72&execution=08d88824-1286-4455-b5d1-07240bda8efd</a>'
-H 'Cookie:
KEYCLOAK_STATE_CHECKER=a2teB_8_wfAfD9VtmV0DJhqDEuM9187r58mVW24Gfrg;
KC_RESTART=eyJhbGciOiJIUzI1NiJ9.eyJjcyI6IjQzMWRiM2U4LTYyMzQtNGJhNS04ODE4LWVkMDMzNWI4ZWU3MiIsImNpZCI6ImN1c3RvbWVyLXBvcnRhbC1jbGkiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvZGVtby9wcm90b2NvbC9vcGVuaWQtY29ubmVjdC9vYXV0aC9vb2IiLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJhY3Rpb25fa2V5IjoiYTA1MzFlNTYtZjk0Zi00NmM4LWFlNGUtNjQ4MDUyNDc2ZjEwIiwiYXV0aF90eXBlIjoiY29kZSIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9kZW1vIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJ1cm46aWV0Zjp3ZzpvYXV0aDoyLjA6b29iIn19.B5vuMj-fafRAS0gJ6m-OrU5cX0atABuWy252y5k7jr0'
-H 'Origin: <a class="moz-txt-link-freetext" href="http://localhost:8080">http://localhost:8080</a>' -H 'Accept-Encoding: gzip,
deflate' -H 'Accept-Language: en-US,en;q=0.8' -H
'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0
(Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/48.0.2564.109 Safari/537.36' -H
'Content-Type: application/x-www-form-urlencoded' -H 'Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
-H 'Cache-Control: max-age=0' -H 'Referer:
<a class="moz-txt-link-freetext" href="http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=customer-portal-cli&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob">http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=customer-portal-cli&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob</a>'
-H 'Connection: keep-alive' --data
'username=sarp&password=pass1234&login=Log+in'
—compressed</div>
<div><br>
</div>
<div>I was hoping not to use the cookies and just change the code
bit with a new request to the page mentioned above and expect
302 response, however I am getting 500 responses saying error
occurred instead.</div>
<div><br>
</div>
<div>I looked on admin management console, but could not really
find a way to disable cookies for the given client or the realm.
I am guessing that one of those cookies are encrypting something
that is required and not using it simply prevents logging in
successfully. So how can I disable this requirement?</div>
<div><br>
</div>
<div>Kind Regards,</div>
<div>Sarp Kaya</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
</body>
</html>