无法从 KeyCloak 获取访问令牌
[英]Unable to get the access token from KeyCloak
问题描述
I am trying to get the access token from the Keycloak server using postman.
我正在尝试使用邮递员从 Keycloak 服务器获取访问令牌。
I have been following this link and created the realm, user, role credentials as mentioned in the tutorial.我一直在关注此链接并创建了本教程中提到的领域、用户、角色凭据。
But when I make the request, it goes on indefinitely, without returning anything.但是当我提出请求时,它会无限期地持续下去,不返回任何东西。
edit: I tried grant_type as "password" and "client_credentials" as well.编辑:我也尝试将 grant_type 作为“密码”和“client_credentials”。 But no luck.但没有运气。
2 个解决方案
解决方案1
2 2019-11-25 07:52:37
Here is the right way to get the Token from PostMan这是从 PostMan 获取 Token 的正确方法
https://<IP ADDRESS>:<PORT>/auth/realms/master/protocol/openid-connect/token
In Body Section select x-www-form-urlencoded在正文部分选择x-www-form-urlencoded
{
"username": "username",
"password": "password",
"client_id": "APP-NAME",
"grant_type": "password",
"client_secret": "462fe347-d47f-4365-94ee-6aefff994ef2"
}
For more clear cut solution use like this像这样使用更清晰的解决方案
If you want to from through `curl` command then use below command
curl -X POST -k -H 'Content-Type: application/x-www-form-urlencoded' -i 'https://<IP>:<PORT>/auth/realms/master/protocol/openid-connect/token' --data 'username=username&password=password&client_id=CLIENT-ID&grant_type=password&client_secret=462fe347-d47f-4365-94ee-6aefff994ef2'
**EDIT ** **编辑 **
As discussed with OP in SO chat at last found solution ,OP was creating user with temp password so every-time user login it have to change the password thats why its failing .After OP changed the disable the option its started working正如在 SO 聊天中与 OP 讨论的最后找到的解决方案,OP 正在使用临时密码创建用户,因此每次用户登录时都必须更改密码,这就是它失败的原因。 OP 更改禁用选项后,它开始工作
解决方案2
2 2019-11-25 10:55:49
In this example you can't use client_credentials because you don't have a client secret here you can read about Client Credentials Grant .在此示例中,您不能使用client_credentials,因为您在此处没有客户端机密,您可以阅读有关Client Credentials Grant 的信息。 It's also used mainly for server to server communication.它也主要用于服务器到服务器的通信。 You should not use password grant but for the examples sake its ok I guess.你不应该使用密码授权,但为了示例的缘故,我猜它没问题。 Password Grant密码授予
so this is what I get所以这就是我得到的
The question is how have you configured your spring-boot application?问题是你是如何配置你的 spring-boot 应用程序的? Here are the application.properties like mentioned in the tutorial:以下是教程中提到的 application.properties:
keycloak.realm=SpringBootKeycloak
keycloak.auth-server-url=http://localhost:8080/auth/
keycloak.resource=login-app
keycloak.public-client=true
and this is how my SecurityConfig looks like这就是我的 SecurityConfig 的样子
@Configuration
@EnableWebSecurity
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Bean
public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests()
.antMatchers("/*")
.hasRole("user").anyRequest().permitAll();
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.