Greetings fullstackunicorn,
Our context was like this: the host was unreachable by any other container inside the cluster.
It is unknown how you build and run your containers or how you've automated that process.
I don't know if you are using docker-compose or you just build them once and don't deal with it at all.
I also don't know if you are using the traefik reverse proxy or something else.
In our context we just gave a domain to Keycloak and added a host parameter to every other container where we needed to access it internally (not externally/over public).
After completing the settlement above, this is the API request we perform to Keycloak to validate tokens:
GET request:
https://keycloak-domain/auth/realms/your-realm-id/protocol/openid-connect/userinfo
Header params:
Authorization: Bearer token
Accept: application/json
Response example:
{
  "sub": "4b510fba-d5c5-4554-8cc8-563dd6c5fb33",
  "email_verified": false,
  "name": "John Doe",
  "preferred_username": "johndoe",
  "given_name": "John",
  "family_name": "Doe",
  "email": "john@doe.com"
}
The official documentation: https://www.keycloak.org/docs-api/5.0/rest-api/index.html
And you should be aware that, depending on which part of the API you want to consume, there are lots of different variations. Some of them, like the one above, require just the realm as a parameter to identify what you want to access.
Other requests may require the realm and the client-id. And if you need to consume the Admin REST API, you need to learn to make use of the admin-cli client, which requires performing an authentication request, obtaining a server-side token (storing it in cache/session), assigning it to your future request header params and proceeding further.
The official documentation can often be confusing if you're coming from a non-enterprise background. There is a different mindset in enterprise: when using the Keycloak API you must break down every relationship into roles/groups and treat them as entire resources.
Additional postman collection example:
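The userinfo check described above, written out as an added Python example (not part of the original post and not Keycloak's own code). The URL uses the post's placeholder domain and realm, and the function name `validate_token` is an assumption for illustration.

```python
import json
import urllib.error
import urllib.request

# Placeholder domain and realm taken from the post; replace with your own.
USERINFO_URL = (
    "https://keycloak-domain/auth/realms/your-realm-id"
    "/protocol/openid-connect/userinfo"
)


def validate_token(token, userinfo_url=USERINFO_URL, timeout=5):
    """Return the userinfo claims if the server accepts the token, else None.

    Network failures and 5xx responses raise instead of returning None,
    so an outage is never mistaken for an accepted or a rejected token.
    """
    # Refuse empty values and anything that could break the header line.
    if not token or any(ch.isspace() for ch in token):
        return None
    request = urllib.request.Request(
        userinfo_url,
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/json",
        },
    )
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            claims = json.loads(response.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        if exc.code in (401, 403):
            return None  # the server rejected the token
        raise  # any other status is an error, not a verdict on the token
    # A usable response is a JSON object carrying the subject identifier.
    if not isinstance(claims, dict) or "sub" not in claims:
        return None
    return claims
```

The caller should treat `None` as "unauthenticated" and let exceptions surface as a 5xx of its own rather than granting access.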