I followed this and logged in my “app client”:
https://developers.redhat.com/blog/2020/01/29/api-login-and-jwt-token-generation-using-keycloak/

I now have an access_token from Keycloak which I hope I can use to progress the Use Case:

- to obtain a list of users.
- select a user from the list and remove one role and add another

Please can you advise:

- Is there a better URL to “just” get a Token I can use… as this call is a login for the user; but I just need a token for the “app-client”?
- What do I need to set up in the “Keycloak UI” for the “app-client” user to allow me to access a list of users (e.g. I have set “Full Scope Allowed” for JEDI/Superuser access to the Realm?)?
- What is the URL to use to find all the users?
- Once I have selected a user; what is the URL to then remove the role?
- What is the URL to then add the new role?
```java
// Imports this method needs (environmentService and logger are fields of the enclosing class)
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;
import com.fasterxml.jackson.databind.ObjectMapper;

public JsonObject getToken() throws IOException {
    String keycloakServerURL = environmentService.getEnvironmentVariable(EnvironmentService.KEYCLOAK_SERVER);
    URL url = new URL(keycloakServerURL + "/auth/realms/XXXX/protocol/openid-connect/token");
    HttpURLConnection con = (HttpURLConnection) url.openConnection();
    con.setRequestMethod("POST");
    con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

    /* Payload support */
    con.setDoOutput(true);
    DataOutputStream out = new DataOutputStream(con.getOutputStream());
    // Password grant: logs in as the named user through the app client
    out.writeBytes(
            "client_id=xxxxxx-app-client&grant_type=password&client_secret=xxxxxx-xxxxxxx-xxxxx-xxxxxxxx&scope=openid&username=bob@xxxxxx.xx&password=password");
    out.flush();
    out.close();

    int status = con.getResponseCode();
    BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
    JsonReader jsonReader = Json.createReader(in);
    JsonObject responesAsJson = jsonReader.readObject();
    in.close();
    con.disconnect();

    // Pretty Print of String
    ObjectMapper objectMapper = new ObjectMapper();
    String jSonstring = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(responesAsJson);
    logger.info("Response: " + jSonstring);
    // Pretty Print of String
    logger.info("Response status: " + status);
    String contentString = responesAsJson.toString();
    logger.info("Response: " + contentString);
    return responesAsJson;
}
```
Getting details from the Token:

```java
URL url = new URL(keycloakServerURL + "/auth/realms/XXXXXXX/protocol/openid-connect/token/introspect");
out.writeBytes("client_id=txxxxxx-app-client"
        + "&client_secret=fe7e0c2e-9a18-48a8-81b0-3a560543f75c"
        + "&token=" + accessTokenFromUserToken);
```
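
The use case above (client token, list users, swap a realm role) expressed as Keycloak Admin REST requests; this is an added example, not code from the original post. It assumes Java 11+, the legacy `/auth` path prefix used in the post, "Service Accounts Enabled" on the client, and the `realm-management` client roles `view-users` and `manage-users` assigned to its service account; the host, realm, class name and all IDs are constructed placeholders.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.net.http.HttpRequest.BodyPublishers;
import java.nio.charset.StandardCharsets;
import java.util.List;

/** Builds the requests for the use case and prints them; nothing is sent. */
public class KeycloakAdminRequests {
    // Constructed placeholder values, not taken from the post.
    static final String BASE = "https://keycloak.example.test/auth";
    static final String REALM = "demo-realm";

    static String enc(String v) { return URLEncoder.encode(v, StandardCharsets.UTF_8); }

    /** Token for the client itself: client_credentials grant, no username or password. */
    static HttpRequest tokenRequest(String clientId, String clientSecret) {
        String form = "grant_type=client_credentials&client_id=" + enc(clientId)
                + "&client_secret=" + enc(clientSecret);
        return HttpRequest.newBuilder(URI.create(BASE + "/realms/" + REALM + "/protocol/openid-connect/token"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(BodyPublishers.ofString(form)).build();
    }

    /** Lists users one page at a time (first = offset, max = page size). */
    static HttpRequest listUsers(String token, int first, int max) {
        return HttpRequest.newBuilder(URI.create(BASE + "/admin/realms/" + REALM + "/users?first=" + first + "&max=" + max))
                .header("Authorization", "Bearer " + token).GET().build();
    }

    /** method is "POST" to add or "DELETE" to remove; the body is a JSON array of role
     *  representations (id and name as returned by GET .../admin/realms/{realm}/roles/{role-name}). */
    static HttpRequest realmRoleMapping(String token, String method, String userId, String roleId, String roleName) {
        String body = "[{\"id\":\"" + roleId + "\",\"name\":\"" + roleName + "\"}]";
        return HttpRequest.newBuilder(URI.create(BASE + "/admin/realms/" + REALM + "/users/" + enc(userId) + "/role-mappings/realm"))
                .header("Authorization", "Bearer " + token)
                .header("Content-Type", "application/json")
                .method(method, BodyPublishers.ofString(body)).build();
    }

    public static void main(String[] args) {
        String token = "ACCESS_TOKEN_PLACEHOLDER"; // access_token field of the token response
        List<HttpRequest> plan = List.of(
                tokenRequest("app-client", "CLIENT_SECRET_PLACEHOLDER"),
                listUsers(token, 0, 50),
                realmRoleMapping(token, "DELETE", "USER_ID", "OLD_ROLE_ID", "old-role"),
                realmRoleMapping(token, "POST", "USER_ID", "NEW_ROLE_ID", "new-role"));
        // To execute one: HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString())
        plan.forEach(r -> System.out.println(r.method() + " " + r.uri()));
    }
}
```

"Full Scope Allowed" only controls which of the caller's existing roles are copied into the token; it does not grant any, so the `realm-management` roles still have to be assigned to the service account.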