Refresh access_token via refresh_token in Keycloak

Keycloak has a REST API for creating an access_token using a refresh_token. It is a POST endpoint with application/x-www-form-urlencoded. Here is how it looks:

Method: POST
URL: https://keycloak.example.com/auth/realms/myrealm/protocol/openid-connect/token
Body type: x-www-form-urlencoded
Form fields:
    client_id: <my-client-name>
    grant_type: refresh_token
    refresh_token: <my-refresh-token>

This will give you a new access token using the refresh token. NOTE: if your refresh token is …

Keycloak 8: User with username ‘admin’ already added

Just to clarify the other answers. I had the same issue. What helped for me was:

stop all containers
comment out the two relevant lines

    version: "3"
    services:
      keycloak:
        image: quay.io/keycloak/keycloak:latest
        environment:
          # KEYCLOAK_USER: admin
          # KEYCLOAK_PASSWORD: pass
          …

start all containers; wait until keycloak container has successfully started
stop all containers, again
comment back …

How to specify refresh tokens lifespan in Keycloak

As pointed out in the comments by @Kuba Šimonovský, the accepted answer is missing other important factors:

"Actually, it is much much much more complicated."

TL;DR: One can infer that the refresh token lifespan will be equal to the smallest value among (SSO Session Idle, Client Session Idle, SSO Session Max, and Client Session Max). …

Avoid keycloak default login page and use project login page

Expanding on the API roles

POST to your/keycloak/url/auth/realms/master/protocol/openid-connect/token with data:

    {
      client_id : 'Id_of_your_client',
      username : 'your_username',
      password : '@#$%^&',
      grant_type : "password"
    }

will give you the initial access token and refresh token, and POST to the same URL with data:

    {
      client_id : 'Id_of_your_client',
      // client_secret : 'optional depending on the type of …

keycloak Invalid parameter: redirect_uri

What worked for me was adding the wildcard ‘*’. Although for production builds, I am going to be more specific with the value of this field. But for dev purposes you can do this. The setting is available under Keycloak admin console -> Realm_Name -> Clients -> Client_Name. EDIT: DO NOT DO THIS IN PRODUCTION. Doing so creates …

What are Keycloak’s OAuth2 / OpenID Connect endpoints?

For Keycloak 1.2 the above information can be retrieved via the URL

    http://keycloakhost:keycloakport/auth/realms/{realm}/.well-known/openid-configuration

For example, if the realm name is demo:

    http://keycloakhost:keycloakport/auth/realms/demo/.well-known/openid-configuration

An example output from the above URL:

    {
      "issuer": "http://localhost:8080/auth/realms/demo",
      "authorization_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth",
      "token_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/token",
      "userinfo_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/userinfo",
      "end_session_endpoint": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/logout",
      "jwks_uri": "http://localhost:8080/auth/realms/demo/protocol/openid-connect/certs",
      "grant_types_supported": [ "authorization_code", "refresh_token", "password" ],
      "response_types_supported": [ "code" ],
      "subject_types_supported": [ "public" ],
      …
