[keycloak-user] Fwd: Obtain Token and Invoke Service throught CLI

Marko Strukelj mstrukel at redhat.com
Mon Mar 13 10:34:59 EDT 2017


The field definitely exists. If you use web Admin Console to create a new
client, you won't see that field at first. Just click 'Save', and then you
will get a full list of fields including 'Valid Redirect URIs'.

Take a look at Admin CLI (https://keycloak.gitbooks.io/
documentation/server_admin/topics/admin-cli.html) which exists precisely to
allow you to perform Admin REST operations from CLI.

Or if you only need dynamic registration of clients, check out Client
Registration CLI (https://keycloak.gitbooks.io/documentation/securing_apps/
topics/client-registration/client-registration-cli.html).

For that you don't need to create a new client. Every realm automatically
has a public client called 'admin-cli' which is used by default by Admin
CLI, and Client Registration CLI.

However, if you insist on using curl that's possible as well but more
complicated. See
http://lists.jboss.org/pipermail/keycloak-user/2016-July/006793.html.



On Mon, Mar 13, 2017 at 1:05 PM, Mehdi Sheikhalishahi <
mehdi.alishahi at gmail.com> wrote:

> First of all, in curret KC public client does not provide Redirect URI
> field.
> Then, I've create a client without this field.
>
> When I issue the following commnad:
>
> RESULT=`curl --data "grant_type=password&client_id=curl&username=user&password=password" http://localhost:8180/auth/realms/master/protocol/openid-connect/token` <http://localhost:8180/auth/realms/master/protocol/openid-connect/token>
>
> I get the following error:
>
> {"error":"invalid_grant","error_description":"Invalid user credentials"}
> access_token\n
>
>
> On Mon, Mar 13, 2017 at 12:18 PM, Marko Strukelj <mstrukel at redhat.com>
> wrote:
>
>> What is it that you do exactly, and what error do you get?
>>
>> On Mon, Mar 13, 2017 at 11:14 AM, Mehdi Sheikhalishahi <
>> mehdi.alishahi at gmail.com> wrote:
>>
>>> ---------- Forwarded message ----------
>>> From: Mehdi Sheikhalishahi <mehdi.alishahi at gmail.com>
>>> Date: Sat, Mar 11, 2017 at 10:32 AM
>>> Subject: Obtain Token and Invoke Service throught CLI
>>> To: keycloak-user at lists.jboss.org
>>>
>>>
>>> Hi
>>>
>>> I have read http://blog.keycloak.org/2015/10/getting-started-with-
>>> keycloak-securing.html for trying to authenicate to KC with username and
>>> password through CLI. But it seems this method does not work with KC
>>> 2.5.4,
>>> because public client does not provide Redirect URI field.
>>>
>>> See below:
>>>
>>> Obtain Token and Invoke Service
>>>
>>> First we need to create a client that can be used to obtain the token. Go
>>> to the Keycloak admin console again and create a new client. This time
>>> give
>>> it the *Client ID* curl and select public for access type. Under *Valid
>>> Redirect URIs* enter http://localhost.
>>>
>>>
>>> How can I do this with KC 2.5.4?
>>>
>>> Thanks,
>>> Mehdi
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>


More information about the keycloak-user mailing list