Keycloak v3.4.3
Start keycloak :
# -b parameter is used to make server listen on every interface tar -zxvf keycloak-4.0.0.Final.tar.gz cd keycloak-4.0.0.Final/bin/ ./standalone.sh -b 0.0.0.0
Launch browser IN CONTAINER and go to http://localhost:8080
http://localhost:8080
Create admin user
Create realm oab
Create client beer-web (Configure > Clients > Create) :
client ID : beer-web Root URL : http://localhost:8081 Valid Redirect URIs : http://localhost:8081/*
Create user
Create role beer_lover (Configure > Roles > Add Role) Create user (Mange > Users > add user). Set password to that user (Manage > Users > Credentials). Add role beer_lover ot that user. The username and password of scripts should be change to match the created user.
Create client beer-api (Configure > Clients > Create) :
client ID : beer-api Access Type : bearer-only The secret in beer-rest-api configuration file should be change to the secret generated (Configure > Clients > Beer-api > Credentials).
Create client beer-api-client (Configure > Clients > Create) :
client ID : beer-api-client Access Type : confidential keep only Enabled and Diret Access Grants Enabled switch on The client_secret of script getToken-confidentialUser should be change to the secret generated (Configure > Clients > Beer-api > Credentials).
Get token response example :
{ "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJXM19XdWhqZU1mN1NuemI4TV8yYVV0bmM3a3M2T1BXUnB1b3pfbmlDeGE0In0.eyJqdGkiOiI3YzAyN2RlYy1jYzdkLTRhOTMtYWIwNy02YTUyZDA2NjEyMDgiLCJleHAiOjE1MzA1MzcwMTQsIm5iZiI6MCwiaWF0IjoxNTMwNTM2NzE0LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvb2FiIiwiYXVkIjoiYmVlci1hcGktY2xpZW50Iiwic3ViIjoiZDA1OGNjYTgtY2QyMi00OWFlLWEwZDEtNzI2N2UyYWVhODJjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYmVlci1hcGktY2xpZW50IiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiNDkyMjk5MjUtMTZhMi00ZTA2LTk0ZWYtODAxNWFlMjRjYjU5IiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJuYW1lIjoicnVkeSBydWR5IiwicHJlZmVycmVkX3VzZXJuYW1lIjoicnVkeSIsImdpdmVuX25hbWUiOiJydWR5IiwibG9jYWxlIjoiZnIiLCJmYW1pbHlfbmFtZSI6InJ1ZHkiLCJlbWFpbCI6InJ1ZHkucmVtb2lzc29ubmV0QG9yYW5nZS5jb20ifQ.QZp0lhNVhkL5FpqTn3Y3Te0dV_2n6rQ6OO925EfVAazZXyg4WOA-2BLvnQtC2OHtfrRxFljrNp6F83fHtBrptv7BEUr3iXJyFaJ7vLnzfb_fwfc_E9PqdQL-ld8BJWGtx9UG4APGONwvNKnyMMz5ut1Bd_4nE_mAV9eNeY5SPRBfcLpz4V_Pb3dzAsyvobLCtoBykQ-DWymK3vucQ2Icj41AVPooEOWHY1iamS3NHYY4YdA9aW1uy7_a0e0RK85GeUObHX3RHYe_PyU97cDDHcvBL9HwogLNiF98epiwxnZ9XM8u1DPNR0t_-TOACALmkeZlh7bfYpIzmGlDaf5MoA", "expires_in": 300, "refresh_expires_in": 1800, "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJXM19XdWhqZU1mN1NuemI4TV8yYVV0bmM3a3M2T1BXUnB1b3pfbmlDeGE0In0.eyJqdGkiOiIzMDMwNTViYi0zNGZjLTQ2ZjgtOTlmZi00N2UzNjNmNGYxNTMiLCJleHAiOjE1MzA1Mzg1MTQsIm5iZiI6MCwiaWF0IjoxNTMwNTM2NzE0LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvb2FiIiwiYXVkIjoiYmVlci1hcGktY2xpZW50Iiwic3ViIjoiZDA1OGNjYTgtY2QyMi00OWFlLWEwZDEtNzI2N2UyYWVhODJjIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImJlZXItYXBpLWNsaWVudCIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjQ5MjI5OTI1LTE2YTItNGUwNi05NGVmLTgwMTVhZTI0Y2I1OSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIn0.iaDNoerw6XQ8TonvWHuDpQbSzdXRHXISrj1cyG71wyieJaxVrAg8RlroOPwPoDng_-yztJUzIVkE9TnGE1tkDqzRhSf5aFgd7Z1kA8De6ratiKBMZk5rH6z-GIeSqVCK9yH-NWCUgXVem_FviEUprqGm1AsPA-N1LN1tDmImaskgfj87dQ3evhwZWncGm0GRFiPApQWDBlFQeqvLDdTzkF9KzrpxldgDJ08wDQc6fpMcRVSC3ZgAyg8Wik6FjIp300nWRrGFfxFArrIo2brPEYTqOh7C2AGDyIGryxGZKIv9hZ76ySZMhjg1uqyxJEZ21A84dJCbH-nRRqOek5knrg", "token_type": "bearer", "not-before-policy": 0, "session_state": "49229925-16a2-4e06-94ef-8015ae24cb59", "scope": "profile email" }