[英]Can I add custom authenticate rest api in keycloak?
I find keycloak restful authentication api in postman,like this:我在邮递员中找到了keycloak restful authentication api,如下所示:
I know this api will return keycloak token if I give correct username and password.我知道如果我提供正确的用户名和密码,这个 api 将返回 keycloak 令牌。 But now, I want to custom a api to let keycloak to finish authenticate like this, then I can obtain a keycloak token.
但是现在,我想自定义一个 api 让 keycloak 像这样完成认证,然后我可以获得一个 keycloak 令牌。
I read keycloak doc, but I think authentication spi can't achieve.我阅读了 keycloak 文档,但我认为身份验证 spi 无法实现。
Is there a way to achieve this?有没有办法做到这一点?
Adding a new API (rest endpoint) to Keycloak is possible, but you should not (and probably can not) use it to add such a custom authentication.可以向 Keycloak 添加新的 API(rest 端点),但您不应该(也可能不能)使用它来添加这样的自定义身份验证。 Keycloak as an identity provider is OAuth/OIDC Connect compliant and the endpoints to get/exchange a token are all part of those specifications.
Keycloak 作为身份提供者符合 OAuth/OIDC Connect 标准,获取/交换令牌的端点都是这些规范的一部分。 So if you want to protect your API using a token provided by Keycloak, you should follow the steps specified on those specs.
因此,如果您想使用 Keycloak 提供的令牌保护您的 API,您应该遵循这些规范中指定的步骤。 I suggest you to read a couple of OAuth/OpenID Connect tutorials on the Internet or have a look at a post like this .
我建议您阅读 Internet 上的一些 OAuth/OpenID Connect 教程或查看类似这样的帖子。 You should first decided what OAuth flow matches your use-case.
您应该首先确定与您的用例匹配的 OAuth 流程。 Then you can go to the Keycloak console and configure clients for your applications.
然后您可以转到 Keycloak 控制台并为您的应用程序配置客户端。 I guess probably you would need one for the caller and one for the service that is going to be called so that they could authenticate themselves to Keycloak.
我想您可能需要一个用于调用者,一个用于将被调用的服务,以便他们可以向 Keycloak 验证自己的身份。 I don't think that for your scenario, you would need any customization on Keycloak.
我认为对于您的场景,您不需要对 Keycloak 进行任何自定义。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.