Hi to all, I’m searching a way to authenticate via curl or postman versus keycloak but using an identity brokering provider configured inside keycloak. using the browser all works fine but I can’t find the correct post parameter to pass in the post call. someone has some ideas?
thanks!
There isn’t a great way to do this. You need to go through a browser flow (rather than a direct password or client_credentials grant type) to use the command line.
I have seen a tool for command line applications built around the Device Authorization Grant type, but that would take some custom work.
Thanks for reply! so is not possible to make a single post to authenticate versus an identity brokering? i hope that there was some body parameter to specify it.
thanks
Correct. Keycloak has no way of passing credentials to an external IdP, so it is not possible.
Hi,
With postman this will work: In the authorization tab of your request, select type OAuth 2.0 and configure according your client defined in keycloak. Then click on “get new access token”, this will launch your local default browser and postman opening a small web server to catch the callback.
regards,
Matthias
By “custom work” do you mean some client tool that uses CLI to do the curl calls, but actually does some work on its end?
I’m looking at this flow Brokering Overview | keycloak-documentation (gitbooks.io)
I guess that to implement that, one would have to
Is that correct?
Which would mean that implementing all that is nearly impossible, mainly because of the external id provider, the best Keycloak can do is provide some neat redirections, but there’s no controlling what the id provider might return.
And I guess what postman does is manage the redirections and open the id provider’s web page in a browser.
–
JRobinss