[keycloak-user] Create initial access token from command line
Puneeth M I
puneethmi at gmail.com
Wed Jan 16 06:43:12 EST 2019
Hi,
I want to create an initial access token with expiration=60 seconds and
count=1 from command line using admin-cli through kcadm.sh script or a curl
command and share with the clients to register(create clients) themselves
at keycloak. I am using the following curl command as per the keycloak
document but I am getting 401 unauthorized error. I am create an Initial
access token from admin console but I don't want to expose it. *Please let
me know on how to generate InitialAccessToken from CLI to register a
client. *
*# curl -i -H 'Content-Type: application/json' -X
POST http://<keycloak-IP>:<port>/auth/admin/realms/master/clients-initial-access
<http://10.91.96.30:8665/auth/admin/realms/master/clients-initial-access> -d
"client_id=admin-cli&grant_type=password&username=admin&password=admin"*
HTTP/1.1 401 Unauthorized
Connection: keep-alive
Content-Length: 0
Date: Tue, 15 Jan 2019 09:16:07 GMT
*I am able to register a client using the access token obtained from below
command but I cannot control it for number of client registrations.*
# *curl -i -H 'Content-Type: application/x-www-form-urlencoded' -X
POST http://<keycloak-ip>:<port>/auth/realms/master/protocol/openid-connect/token
<http://10.91.96.30:8665/auth/realms/master/protocol/openid-connect/token> -d
"client_id=admin-cli&grant_type=password&username=admin&password=admin"*
1. HTTP/1.1 200 OK
Connection: keep-alive
Cache-Control: no-store
Set-Cookie: KC_RESTART=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10
GMT; Max-Age=0; Path=/auth/realms/master/; HttpOnly
Pragma: no-cache
Content-Type: application/json
Content-Length: 1848
Date: Tue, 15 Jan 2019 06:37:47 GMT
{"access_token":"eyJhbGciOiJSUzI1NiIs....","expires_in":60,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOi.....","token_type":"bearer","not-before-policy":0,"session_state":"7af01cbb-f268-4263-bed2-c11a14008949","scope":"email
profile"}
I am using Keycloak - Version *4.5.0* in standalone-HA mode.
Regards,
Puneeth
More information about the keycloak-user
mailing list