A working example of an Auth Service that supports microservices authorization: piggymetrics
The Admin REST API
Authenticating
export ACCESS_TOKEN=$(curl -X POST 'http://localhost:10001/auth/realms/master/protocol/openid-connect/token' \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin" \
-d 'password=secret' \
-d 'grant_type=password' \
-d 'client_id=admin-cli' | jq -r '.access_token')
Note: I set the admin-cli Access Type to confidential.
Basic Operations
curl -X GET 'http://localhost:10001/auth/admin/realms/development/users' \
-H "Accept: application/json" \
-H "Authorization: Bearer $ACCESS_TOKEN" | jq .
Output:
{
  "id": "35129fce-98de-47e6-85cc-cdb81b46c0d2",
  "createdTimestamp": 1578541188081,
  "username": "rob.ferguson",
  "enabled": true,
  "totp": false,
  "emailVerified": false,
  "firstName": "Rob",
  "lastName": "Ferguson",
  "email": "rob.ferguson@robferguson.org",
  "federationLink": "b02e5323-0ea4-442c-ba59-5e997d0c5f94",
  "attributes": {
    "LDAP_ENTRY_DN": [
      "uid=rob.ferguson,ou=users,dc=flowable,dc=org"
    ],
    "LDAP_ID": [
      "rob.ferguson"
    ],
    "modifyTimestamp": [
      "20200109033948Z"
    ],
    "createTimestamp": [
      "20200109033948Z"
    ]
  },
  "disableableCredentialTypes": [],
  "requiredActions": [],
  "notBefore": 0,
  "access": {
    "manageGroupMembership": true,
    "view": true,
    "mapRoles": true,
    "impersonate": true,
    "manage": true
  }
}
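An added example (not code from the original post) that does the two steps above with checks the shell one-liners lack: `jq -r '.access_token'` prints the string `null` when the token request fails, so `ACCESS_TOKEN` is still exported, and the user listing can be screened for enabled accounts without TOTP or a verified e-mail. The function names, finding labels and the sample accounts other than rob.ferguson are constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed samples: a failed token response and a listing shaped like the output above.
TOKEN_ERROR = '{"error": "invalid_grant", "error_description": "Invalid user credentials"}'
SAMPLE_USERS = json.dumps([
    {"username": "rob.ferguson", "enabled": True, "totp": False, "emailVerified": False},
    {"username": "sample.user", "enabled": True, "totp": True, "emailVerified": True},
    {"username": "old.account", "enabled": False, "totp": False, "emailVerified": False},
])
CHECKS = {"totp": "no-totp", "emailVerified": "email-unverified"}  # field -> finding label


def extract_access_token(body):
    """Return the token, or raise instead of yielding the string "null" as jq -r does."""
    doc = json.loads(body)
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("token request failed: %s" % doc.get("error", "no access_token"))
    return token


def request_token(base_url, username, password, client_id="admin-cli"):
    """Same password-grant request as the curl call; the caller supplies the password
    (for example from getpass) so it never appears in shell history."""
    form = urllib.parse.urlencode({"grant_type": "password", "client_id": client_id,
                                   "username": username, "password": password}).encode()
    url = base_url + "/auth/realms/master/protocol/openid-connect/token"
    try:
        with urllib.request.urlopen(urllib.request.Request(url, data=form)) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        body = err.read()  # on 4xx the body still carries the JSON error document
    return extract_access_token(body)


def audit_users(body):
    """Map each enabled user to the weak settings visible in the user listing."""
    findings = {}
    for user in json.loads(body):
        issues = [label for field, label in CHECKS.items() if not user.get(field)]
        if user.get("enabled") and issues:
            findings[user["username"]] = issues
    return findings
```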