[keycloak-user] login via curl

KevinO oneal.kevin at gmail.com
Fri Aug 31 11:35:11 EDT 2018


Yeah, makes sense. Glad you got the curl working!

On Fri, Aug 31, 2018 at 4:01 AM Ronald Demneri <ronald.demneri at amdtia.com>
wrote:

> Hello,
>
>
>
> Yes I receive an error, I had not configured the account client to use
> Direct Access Grants, once I changed that I was able to receive the access
> and refresh tokens.
>
>
>
> Let me explain a bit what I am trying to achieve:
>
> I have a Jenkins instance where I have installed and configured the OIDC
> plugin. Basically login works as it should, but the global log out does
> not. In chrome I can see that the logout URL that Jenkins sends is this one:
>
>
>
>
> http://keycloak:8080/auth/realms/test/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2Fjenkins%3A8080/?id_token_hint=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJZVWJyelJBSUJZemE5bkRUMVZxVmhYWGN5M1VaQ0hNZ1A2S3ZoUXMtOUcwIn0.eyJqdGkiOiJhYjZhZDkwNy01MDViLTQ5YmMtYTdmOC0yMzllNGJlYjE0MTIiLCJleHAiOjE1MzU1NTQyOTMsIm5iZiI6MCwiaWF0IjoxNTM1NTUzOTkzLCJpc3MiOiJodHRwOi8va2V5Y2xvYWs6ODA4MC9hdXRoL3JlYWxtcy90ZXN0LWxoaW5kIiwiYXVkIjoiamVua2lucy1jbGllbnQiLCJzdWIiOiJhY2NmNWJiYi0xZDNkLTRiMDItYWZlMi1iOGZkM2RkMTQ1NDgiLCJ0eXAiOiJJRCIsImF6cCI6ImplbmtpbnMtY2xpZW50IiwiYXV0aF90aW1lIjoxNTM1NTUzOTkzLCJzZXNzaW9uX3N0YXRlIjoiMzQ5Y2Q3ZjMtMjcyMS00MTdmLTg3ZmMtMjJlYmExMDkyOTg0IiwiYWNyIjoiMSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdDEifQ.LuwrieAEQ6eeAaMAir8H42SwwGDqsM8SqLdyDf6vZiHgEtG7Se9zu3iSISmjhzmi1a7t3Hmz4LrzigWNoTQJs7IEMG0xzF3U9OdwzQSK-Lb989IXt_xfYH2vBAZ-jYpFgoCYC-c4vfTf-74-iBP4IPQzeWl31LHarkcD4PemVsZCkUbLnODbCC6fZ2MnJnP_KAC5uVgCvXqfauf0HP8skbPp9tajUm4skuns3rfv2JeLJHIbwdmWSVkqpircWtYGx6j88NKAiudlRGL3vxBx6bC49BZpioK7Q0vXVmt1R24iykp-GyG5H10UiKidzhKS2WcGGmNFhRbGgOcLPEqWFA&state=N2M2MGQ5NDctOGM1OS00&post_logout_redirect_uri=
>
>
>
> Sure enough, it displays an “Invalid redirect uri” in Keycloak. So I was
> trying to mimic the situation with curl and to see whether the issue still
> remains and I have to check the configurations in Keycloak, or if the
> Jenkins plugin does not send Keycloak the uri as Keycloak expects it.
>
>
>
> Makes sense?
>
>
>
> Regards,
>
> Ronald
>
>
>
> *From:* KevinO <oneal.kevin at gmail.com>
> *Sent:* Thursday, August 30, 2018 5:51 PM
> *To:* Ronald Demneri <ronald.demneri at amdtia.com>
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] login via curl
>
>
>
> Whenever I run
>
> curl -v -d "client_id=amin-cli" -d "username=admin" -d "password=keycloak"
> -d "grant_type=password" "
> http://localhost:8070/auth/realms/External/protocol/openid-connect/token"
>
> if something is incorrect, I get a message like
> {"error":"invalid_grant","error_description":"Invalid user credentials"}
>
> Are you getting any json reponse?
>
> What does the log say?
>
>
>
> On Thu, Aug 30, 2018 at 10:35 AM Ronald Demneri <ronald.demneri at amdtia.com>
> wrote:
>
> Yeah, tried that as well, same result. Any other ideas?
>
>
>
> Thanks in advance,
>
> Ronald
>
>
>
> Sent from my HTC
>
>
>
> ----- Reply message -----
> From: "KevinO" <oneal.kevin at gmail.com>
> To: "Ronald Demneri" <ronald.demneri at amdtia.com>
> Cc: "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
> Subject: [keycloak-user] login via curl
> Date: Thu, Aug 30, 2018 17:26
>
>
>
> Try
>
>
>
> curl -d "client_id=account" -d "username=test1" -d "password=1234t1" -d
> "grant_type=password" "
> http://localhost:8070/auth/realms/test/protocol/openid-connect/token
>
>
>
>
>
> On Thu, Aug 30, 2018 at 4:34 AM Ronald Demneri <ronald.demneri at amdtia.com>
> wrote:
>
> Greetings everyone,
>
> I am testing the possibility to login via curl to the account client in my
> test realm and then use the tokens to access another client. I have tried
> this:
> curl -X POST \
> -H "Content-Type: application/x-www-form-urlencoded" \
> -H "cache-control: no-cache" \
> -d
> "grant_type=password&scope=openid&client_id=account&username=test1&password=1234t1"
> \
> "http://keycloak:8080/auth/realms/test /protocol/openid-connect/token" \
> -v
>
> But it gives me:
> * upload completely sent off: 81 out of 81 bytes
> < HTTP/1.1 400 Bad Request
> < Connection: keep-alive
> < Content-Type: application/json
> < Content-Length: 91
>
> What am I doing wrong and apologies if this question has been asked before.
>
> Keycloak version is 4.1.0.Final
>
> Ronald
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>


More information about the keycloak-user mailing list