[keycloak-user] Endpoint URL's

Christopher Wallace cjwallac at gmail.com
Wed Feb 25 07:41:27 EST 2015


One correction: this is referring to the account app json, not worktrac as
specified below:

{
  "realm": "worktrac",
  "realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJSuOKHBTZxV4/KKAZH8i4+nB/65IY8VDe+70pWrJSpm0pJICfSbnSmJ3YFKKK3B1RR1Ev8mxFRyVTVm+TZgflkZ8HJM+wfEGgySMZvBlRAsR2yI0mmTrbGBA8c6RJAA4B2+9nxk0/iXCJGq545aDvbXjPMuhy6zf3OqpdqgcFYQIDAQAB",
  "auth-server-url": "http://localhost:8082/auth",
  "ssl-required": "none",
  "resource": "account",
  "public-client": true,
  "use-resource-role-mappings": true,
  "enable-cors" : true,
  "cors-max-age" : 1000,
  "cors-allowed-methods": "POST, PUT, DELETE, GET"
}



On Wed, Feb 25, 2015 at 7:34 AM, Christopher Wallace <cjwallac at gmail.com>
wrote:

> I am receiving Cross-Origin Request Blocked: The Same Origin Policy
> disallows reading the remote resource at
> http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo.
> This can be fixed by moving the resource to the same domain or enabling
> CORS. What 'application' does the
> http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo
> url use for its origins? I have worktrac realm worktrac app and account
> app both configured with http://localhost:8080/* which is the origin.
> Also it seems like that's the errors it's indicated, but I also see a 404
> error for this URL. I have valid Subject, idtoken and token as I printed
> them to the console and included below. I also pasted the java code and my
> keycloak.json which seems to be working up to "Here 2". It seems this is 90%
> there it's just failing at the actual call.
>
>
> "subject"
> "441e652f-fc78-453e-90dd-2b998eb771d7"
> "idtoken""eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiNWJmZDlkYzItYzU1NC00YTY2LWE0MDAtN2EwNmQxODZjNDNmIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlfQ.HNR7tHN7jngluZNEJsrL-CVDzP96mIm4jMZVqvy56w_rsRjvvTuvj8Ke4raWyDVXzbZv4TmSk5iobPAzXlUCx4KLlHlrC6W5yTGXJ20Mgn73PHlsM3dCOJIyFYs6o2J19a8iZyHtuS5BwXiR44Ba5xPmzw9LVNmOm4ppropTPgE"
> MyController.js:86"token"
> "eyJhbGciOiJSUzI1NiJ9.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.R8NdAIf2P3-6JfxE9maP6PtPGE04zdM8LgaUbLqqfKOEDu2Pe5JMoUO5tbD20_oYMe_gr6jZOJsOmY01VtuWHVYczS7KIRXm3KnmrKIBeNXETPineb1wT7MgtzKYcf3MqoLcje1vR48iTbVlSszb2Np8Jqo4wa7cGSfadaZApgU"
>
>  var keycloak = Keycloak();
>     var loadData = function () {
>
>         console.log(keycloak.subject);
>         console.log('idtoken');
>         console.log(keycloak.idToken);
>         console.log('token');
>         console.log(keycloak.token);
>
>         var url = 'http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo';
>         var req = new XMLHttpRequest();
>
>         req.open('GET', url, true);
>         req.setRequestHeader('Accept', 'application/json');
>         req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);
>
>         console.log('Here 1');
>         req.onreadystatechange = function () {
>             if (req.readyState == 4) {
>                 console.log('Here 2');
>                 if (req.status == 200) {
>                     console.log('render page 3');
>                     var users = JSON.parse(req.responseText);
>                     var html = '';
>                     for (var i = 0; i < users.length; i++) {
>                         html += '<p>' + users[i] + '</p>';
>                     }
>                     console.log('HTML');
>                     console.log(html);
>                     console.log('finished loading data');
>                 }
>             }
>         };
>
>         req.send();
>     };
>
>
>     var loadFailure = function () {
>         document.getElementById('customers').innerHTML = '<b>Failed to load data. Check console log</b>';
>     };
>
>     var reloadData = function () {
>         keycloak.updateToken(10)
>         .success(loadData)
>         .error(function() {
>             document.getElementById('customers').innerHTML = '<b>Failed to load data. User is logged out.</b>';
>         });
>     };
>
>
>     keycloak.init({ onLoad: 'login-required' }).success(reloadData);
>
> keycloak.json
> {
>   "realm": "worktrac",
>   "realm-public-key":
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJSuOKHBTZxV4/KKAZH8i4+nB/65IY8VDe+70pWrJSpm0pJICfSbnSmJ3YFKKK3B1RR1Ev8mxFRyVTVm+TZgflkZ8HJM+wfEGgySMZvBlRAsR2yI0mmTrbGBA8c6RJAA4B2+9nxk0/iXCJGq545aDvbXjPMuhy6zf3OqpdqgcFYQIDAQAB",
>   "auth-server-url": "http://localhost:8082/auth",
>   "ssl-required": "none",
>   "resource": "worktrac",
>   "public-client": true,
>   "use-resource-role-mappings": true,
>   "enable-cors" : true,
>   "cors-max-age" : 1000,
>   "cors-allowed-methods": "POST, PUT, DELETE, GET"
> }
>
> On Wed, Feb 25, 2015 at 12:10 AM, Stian Thorgersen <stian at redhat.com>
> wrote:
>
>>
>>
>> ----- Original Message -----
>> > From: "Christopher Wallace" <cjwallac at gmail.com>
>> > To: "Stian Thorgersen" <stian at redhat.com>
>> > Cc: yonim at odoro.co.il, keycloak-user at lists.jboss.org
>> > Sent: Tuesday, February 24, 2015 7:21:11 PM
>> > Subject: Re: [keycloak-user] Endpoint URL's
>> >
>> > I am actually not able to access any of the REST urls I tried from
>> >
>> http://docs.jboss.org/keycloak/docs/1.1.0.Final/rest-api/overview-index.html
>> > is this something that needs to be enabled or installed separately from
>> the
>> > keycloak appliance?
>>
>> They should work fine as long as you have a token to invoke them with.
>> Have you looked at admin-access-app example? We also have a Java wrapper for
>> this that makes it easier to invoke from Java, see the admin-client example
>> for that.
>>
>> >
>> > On Tue, Feb 24, 2015 at 12:19 PM, Christopher Wallace <
>> cjwallac at gmail.com>
>> > wrote:
>> >
>> > > Yoni,
>> > >
>> > > Were you able to get this to work? I am attempting to get user
>> > > information also using
>> > > http://localhost:8082/auth/realms/
>> <realm>/protocol/openid-connect/userinfo
>> > > and it doesn't bring back any data. Any tricks?
>> > >
>> > > Chris W.
>> > >
>> > > On Mon, Feb 23, 2015 at 8:16 AM, Stian Thorgersen <stian at redhat.com>
>> > > wrote:
>> > >
>> > >>
>> > >>
>> > >> ----- Original Message -----
>> > >> > From: yonim at odoro.co.il
>> > >> > To: "Stian Thorgersen" <stian at redhat.com>
>> > >> > Cc: keycloak-user at lists.jboss.org
>> > >> > Sent: Monday, February 23, 2015 10:39:14 AM
>> > >> > Subject: RE: [keycloak-user] Endpoint URL's
>> > >> >
>> > >> > Ok.. a bit frustrating.
>> > >> >
>> > >> > Any chance the 1.2.0 Beta solves some of the issues? I can build
>> it if
>> > >> > needed...
>> > >>
>> > >> Afraid not. We are planning to add the discovery endpoint, but it
>> may be
>> > >> a month or so before we get time.
>> > >>
>> > >> >
>> > >> > I've tried openid4java (on top of spring security ) and another
>> client
>> > >> > (mitred one, their client not the server) and both looked for the
>> > >> discovery
>> > >> > endpoint.
>> > >> >
>> > >> > Assuming I switch from openid-connect to OAuth - how can I get the
>> > >> userinfo
>> > >> > after that? any special endpoint to oauth userinfo after I got the
>> > >> token?
>> > >>
>> > >> You can invoke /auth/realms/{name}/protocol/openid-connect/userinfo
>> with
>> > >> the token.
>> > >>
>> > >> >
>> > >> > Cheers,
>> > >> > Yoni
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >> > -----Original Message-----
>> > >> > From: Stian Thorgersen [mailto:stian at redhat.com]
>> > >> > Sent: Monday, February 23, 2015 10:52 AM
>> > >> > To: Yoni Moses
>> > >> > Cc: keycloak-user at lists.jboss.org
>> > >> > Subject: Re: [keycloak-user] Endpoint URL's
>> > >> >
>> > >> > Hi,
>> > >> >
>> > >> > We haven't added the discovery part of OpenID Connect yet and
>> there are
>> > >> some
>> > >> > issues with the docs as the protocol related endpoints are
>> missing. The
>> > >> > endpoints of interest to you are:
>> > >> >
>> > >> > * /auth/realms/{name}/protocol/openid-connect/login
>> > >> > * /auth/realms/{name}/protocol/openid-connect/access/codes
>> > >> > * /auth/realms/{name}/protocol/openid-connect/refresh
>> > >> > * /auth/realms/{name}/protocol/openid-connect/userinfo
>> > >> >
>> > >> > We are actively working on better integration with other openid
>> connect
>> > >> > client libraries, so let us know what works and what doesn't.
>> > >> >
>> > >> > ----- Original Message -----
>> > >> > > From: "Yoni Moses" <yonim at odoro.co.il>
>> > >> > > To: keycloak-user at lists.jboss.org
>> > >> > > Sent: Sunday, February 22, 2015 1:07:36 PM
>> > >> > > Subject: [keycloak-user] Endpoint URL's
>> > >> > >
>> > >> > > Hi,
>> > >> > >
>> > >> > > I've been trying keycloak, very impressive!
>> > >> > > I don't intend to use it as the sample in jee but rather
>> through
>> > >> openid
>> > >> > > provider in my case it's openid4java with spring security.
>> > >> > > I've been struggling with configuration of the endpoint
>> especially
>> > >> with
>> > >> > > discovery end point..
>> > >> > > is there somewhere in the doc the list of endpoints keycloak has?
>> > >> > > so far I've been trying with /auth/realms/{name}
>> > >> > >
>> > >> > >
>> > >> > > Thanks,
>> > >> > > Yoni
>> > >> > >
>> > >> > >
>> > >> > > _______________________________________________
>> > >> > > keycloak-user mailing list
>> > >> > > keycloak-user at lists.jboss.org
>> > >> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> > >> >
>> > >> >
>> > >> _______________________________________________
>> > >> keycloak-user mailing list
>> > >> keycloak-user at lists.jboss.org
>> > >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> > >>
>> > >
>> > >
>> > >
>> > > --
>> > > Chris Wallace
>> > > cjwallac at gmail.com
>> > > c: 570.582.9955
>> > >
>> >
>> >
>> >
>> > --
>> > Chris Wallace
>> > cjwallac at gmail.com
>> > c: 570.582.9955
>> >
>>
>
>
>
> --
> Chris Wallace
> cjwallac at gmail.com
> c: 570.582.9955
>



-- 
Chris Wallace
cjwallac at gmail.com
c: 570.582.9955
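
The browser-side check behind the "Cross-Origin Request Blocked" message in this thread, as an added example (not code from the thread or from Keycloak). It is a simplified model of the current Fetch rules for a request sent without credentials; the names `corsVerdict`, `originAllowed` and `demo`, and all response values, are constructed assumptions.

```javascript
// Added example: simplified model of the browser's CORS decision for an XHR sent
// without credentials. Response header names are lower-cased; sample data is constructed.
const SAFE_METHODS = ['GET', 'HEAD', 'POST'];
const SAFE_HEADERS = ['accept', 'accept-language', 'content-language', 'content-type'];
const list = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

// An origin is scheme://host[:port]; a value with a path or "/*" suffix never matches.
function originAllowed(origin, headers) {
  const acao = headers['access-control-allow-origin'];
  return acao === '*' || acao === origin;
}

function corsVerdict(req, preflight, actual) {
  const custom = Object.keys(req.headers).map((h) => h.toLowerCase())
    .filter((h) => !SAFE_HEADERS.includes(h));
  if (custom.length > 0 || !SAFE_METHODS.includes(req.method)) {
    // A preflight OPTIONS request is sent first and must succeed on its own.
    if (!originAllowed(req.origin, preflight.headers)) return 'blocked: preflight origin';
    if (preflight.status < 200 || preflight.status > 299) return 'blocked: preflight status';
    const methods = list(preflight.headers['access-control-allow-methods']);
    if (!SAFE_METHODS.includes(req.method) && !methods.includes('*') &&
        !methods.includes(req.method.toLowerCase())) return 'blocked: method';
    const allowed = list(preflight.headers['access-control-allow-headers']);
    // "*" does not cover Authorization; it has to be listed by name.
    const missing = custom.filter((h) => !allowed.includes(h) &&
      (h === 'authorization' || !allowed.includes('*')));
    if (missing.length > 0) return 'blocked: header ' + missing.join(',');
  }
  return originAllowed(req.origin, actual.headers) ? 'allowed' : 'blocked: response origin';
}

// The request from the thread: GET with Accept and Authorization from localhost:8080.
function demo() {
  const req = { origin: 'http://localhost:8080', method: 'GET',
    headers: { Accept: 'application/json', Authorization: 'Bearer <token>' } };
  const acao = (v) => ({ 'access-control-allow-origin': v });
  const good = { status: 200, headers: { ...acao('http://localhost:8080'),
    'access-control-allow-headers': 'Authorization' } };
  return [
    corsVerdict(req, { status: 404, headers: good.headers }, good),   // OPTIONS answered 404
    corsVerdict(req, { status: 200, headers: acao('http://localhost:8080/*') }, good),
    corsVerdict(req, { status: 200, headers: { ...good.headers,
      'access-control-allow-headers': '*' } }, good),                 // wildcard header list
    corsVerdict(req, good, good),
  ];
}
console.log(demo());
```

Because the `Authorization` header forces a preflight, a failing `OPTIONS` response is enough for the browser to report a CORS error before the `GET` is ever sent.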