have to create OAuth login to Grafana with Keycloak as a SSO. I created Realm with Client (confidential, valid redirect URI is a Grafana URI). Now when I’m starting Grafana (with ansible) I have to create grafana.ini
and put there client-secret
. I want to make it automatically and I was trying to get client-secret
from Keycloak API, in that order https://localhost:8080/auth/realms/realm_name/protocol/openid-connect/token
with username and password, then https://localhost:8080/auth/admin/realms/realm_name/clients
givin access token, then https://localhost:8080/auth/admin/realms/client_name/clients/{{id of client}}
with access token. But… I’ve got problem at beginning - first endpoint requires client secret
when it’s confidential client. Is it possible to get client secret from API with confidential client? I’m running Keycloak and Grafana as containers from ansible, so I want to make it “automatic”.
Thanks for your help.