How to generate jwt token through keycloak rest ap

Published 2020-06-16 04:18

Question:

I'm working on integrating Keycloak into an existing application. As part of this process I need to test that the web application can accept JWT tokens generated from keycloak.

I have read the API docs http://www.keycloak.org/docs-api/3.4/rest-api/index.html and could not find any methods for creating a JWT token.

Does anyone know of any REST API methods for creating a JWT token in Keycloak?

Answer 1:

As per the keycloak mailing list details provided by keycloak mailing list members [Виталий Ищенко and Hynek Mlnarik]

Depends a lot on what JWT you want to issue. For samples of generating access token, see [1], for action token, see [2], custom, see [3].

[1] https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java#L698

[2] https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/actiontoken/DefaultActionToken.java#L140

[3] https://github.com/keycloak/keycloak/blob/master/core/src/main/java/org/keycloak/jose/jws/JWSBuilder.java

Keycloak follows the OIDC spec, and you can use any of the flows defined in OAuth2 [1], as well as some additional flows added in OIDC.

OIDC dictates usage of JWT, so access tokens (as well as refresh_token, id_token and others) will be returned in JWT format.

To find out the addresses of token and authentication, Keycloak provides an OIDC discovery URL, i.e. http://keycloakhost:keycloakport/auth/realms/{realm}/.well-known/openid-configuration

There are a bunch of libs that simplify token request procedures written for the OIDC spec. But Keycloak has a set of adapters written that can fit nicely into your existing technology stack [2]. I think all of them allow access to raw JWT tokens.

[1] https://aaronparecki.com/oauth-2-simplified/

[2] http://www.keycloak.org/docs/latest/securing_apps/index.html#openid-connect-3
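The discovery-then-token-request sequence described in the answer, as an added example that is not part of the original post or of Keycloak's code. It assumes a confidential client that is allowed to use the OAuth2 client_credentials grant; the function names and the client id and secret passed to them are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request


def discovery_url(base, realm):
    """OIDC discovery URL in the layout quoted in the answer above."""
    realm = urllib.parse.quote(realm, safe="")
    return f"{base.rstrip('/')}/auth/realms/{realm}/.well-known/openid-configuration"


def build_token_request(discovery_doc, client_id, client_secret):
    """Build the POST for the client_credentials grant against token_endpoint."""
    endpoint = discovery_doc["token_endpoint"]
    parts = urllib.parse.urlsplit(endpoint)
    # The client secret travels in the body: allow plain http only for local testing.
    if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1"):
        raise ValueError(f"refusing to send client secret to {endpoint}")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")


def fetch_access_token(base, realm, client_id, client_secret):
    """Network path: read the discovery document, then request a token."""
    with urllib.request.urlopen(discovery_url(base, realm), timeout=10) as resp:
        doc = json.load(resp)
    req = build_token_request(doc, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]


def decode_segment(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def peek_claims(token):
    """Return (header, payload) WITHOUT verifying the signature: inspection only."""
    header, payload, _signature = token.split(".")
    return decode_segment(header), decode_segment(payload)
```

`peek_claims` is only for checking what a test token contains; the application receiving the token still has to verify the signature against the keys published at the discovery document's `jwks_uri` before trusting any claim.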



Tags: jwt keycloak