Dear all,
I have a requirement to provision a oauth client using rest api.
I am really struggling to understand how to do it.
Appreciate if someone can let me know the steps to do it.
Sample curl commands would be great.
Thanks
Thanks a lot for your answer. I was able to invoke the api and create a client.
I have a few followup questions as well.
-
Is having a client which is able to give a token as above necessary to invoke the rest api and create a client ? Or else can I do it using an admin user without creating a client ? (E.g. use a static api key)
-
It seems like the admin API itself is secured with Oauth. Therefore can I assume that I need to call the token endpoint first to get the access token and subsequently invoke the admin REST endpoint that I need (i.e {realm}/clients) ? I think I am looking for a more static way of authentication.
Thanks in advance.
I would suggest to read doc https://www.keycloak.org/documentation. Especially, REAST API auth section https://www.keycloak.org/docs/latest/server_development/#admin-rest-api
Thanks a lot.
On another note, when I set the my client’s Access Type to confidential. it gives me the following error when using password grant type.
{“error”:“unauthorized_client”,“error_description”:“Client secret not provided in request”}
Appreciate any help to understand. Following is my request.
curl -X POST ‘http://localhost:8080/auth/realms/apim/protocol/openid-connect/token’ -H “Content-Type: application/x-www-form-urlencoded” -d “username=apim-user” -d ‘password=apim-password’ -d ‘grant_type=password’ -d ‘client_id=apim-client’
I recommend you to sniff UI queries (UI itself uses REST admin API). Enable direct grant:
and check which client model attribute will be configured - I hope you will see:
"directAccessGrantsEnabled":true
First play with UI and tweak all client configs to fit your needs there, when you don’t know atm what and how to configure via REST Admin API.