Keycloak API using admin user


I'm working with the Keycloak API to access users' offline sessions; I noticed a strange behaviour, hence my question:

a. When I use postman, I get the access token with this url: http://localhost:8080/realms/master/protocol/openid-connect/token

b. From the above, I use said token in postman to retrieve the offline sessions:

http://localhost:8080/admin/realms/master/clients/5729288b-c789-45ac-8915-da32b7b9fe49/offline-sessions

where '5729288b-c789-45ac-8915-da32b7b9fe49' is the admin-cli ID; username and password are all the defaults of the admin user and the client is 'admin-cli'

Everything works fine in Postman, and I'm able to retrieve the offline sessions. However, when I do the same against the Keycloak API using the Spring Boot WebClient, I get 403 Forbidden.

a. Get the token from the below:

private String getToken(){

    // Resource Owner Password Credentials request to the realm's token endpoint
    MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
    map.add("username", username);
    map.add("password", password);
    map.add("client_id", clientId);
    map.add("grant_type", grantType);
    map.add("scope", "openid");

    ResponseEntity<LoginResponse> loginResponse = webclient.post()
            .uri(uriBuilder -> UriBuilder.fromUri(tokenEndpoint).build())
            // the token endpoint takes a form-encoded body, not JSON
            .contentType(MediaType.APPLICATION_FORM_URLENCODED)
            .body(BodyInserters.fromFormData(map))
            .retrieve()
            .toEntity(LoginResponse.class)
            .block();

    return loginResponse.getBody().getAccess_token();
}

b. Try to retrieve offline sessions with the above access-token

public UserSessionRepresentation[] getMasterOfflineSessions(){

    // GET /admin/realms/{realm}/clients/{id}/offline-sessions with the admin token as Bearer
    UserSessionRepresentation[] response = webclient.get()
            .uri(uriBuilder -> UriBuilder.fromUri(offlineSessionsUrl)
                    .build(cliId))
            .headers(h -> h.setBearerAuth(getToken()))
            .retrieve()
            .bodyToMono(UserSessionRepresentation[].class)
            .block();

    return response;
}
   

offlineSessionsUrl is: http://localhost:8080/admin/realms/master/clients/5729288b-c789-45ac-8915-da32b7b9fe49/offline-sessions

5729288b-c789-45ac-8915-da32b7b9fe49 is the id of the admin-cli client.

What I don't understand is that I can retrieve the sessions in Postman, but I can't do so using the API and the Spring Boot WebClient with all configuration being equal.

Please help

1 answer

amelongo

Answering my own question; the issue here was the WebClient Spring property.

In Spring Boot, it was using the definition within the configuration that pointed to another client. To make it work for the admin-cli client, I had to use a clean WebClient object, as illustrated in the code below:

public UserSessionRepresentation[] getMasterOfflineSessions(){

    // WebClient.create(): a fresh, unconfigured instance instead of the injected bean
    UserSessionRepresentation[] response = WebClient.create().get()
            .uri(uriBuilder -> UriBuilder.fromUri(offlineSessionsUrl)
                    .build(cliId))
            .headers(h -> h.setBearerAuth(getToken()))
            .retrieve()
            .bodyToMono(UserSessionRepresentation[].class)
            .block();

    return response;
}

The WebClient.create() call is the piece of code I changed to resolve the issue.
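The root cause above (a shared WebClient bean carrying configuration for a different client) is the kind of thing a 403 from the admin API does not explain by itself. The following is an added example, not the asker's code or anything from the Keycloak project: it builds a dedicated WebClient with an explicit base URL, requests the token with a form-encoded body, decodes (without verifying) the token payload so the `iss` and `azp` claims show which realm and client the token was actually issued for, and surfaces Keycloak's JSON error body when the admin call is refused. The endpoints, the `master` realm, the `admin-cli` client and the client UUID come from the question; `KeycloakOfflineSessions`, `decodePayload`, and reading the admin credentials from the `KC_ADMIN_USER` / `KC_ADMIN_PASSWORD` environment variables are assumptions made here.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.reactive.function.client.WebClientResponseException;

// Hypothetical helper class (not part of the question or of Keycloak).
public class KeycloakOfflineSessions {

    private final WebClient adminClient; // dedicated instance, not the application-wide bean
    private final String realm;
    private static final ObjectMapper MAPPER = new ObjectMapper();

    public KeycloakOfflineSessions(String baseUrl, String realm) {
        this.adminClient = WebClient.builder().baseUrl(baseUrl).build();
        this.realm = realm;
    }

    /** Resource Owner Password Credentials grant against the realm's token endpoint. */
    public String getToken(String clientId, String username, String password) {
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "password");
        form.add("client_id", clientId);
        form.add("username", username);
        form.add("password", password);

        JsonNode body = adminClient.post()
                .uri("/realms/{realm}/protocol/openid-connect/token", realm)
                .contentType(MediaType.APPLICATION_FORM_URLENCODED) // form body, not JSON
                .body(BodyInserters.fromFormData(form))
                .retrieve()
                .bodyToMono(JsonNode.class)
                .block();
        return body.get("access_token").asText();
    }

    /**
     * Decodes the JWT payload for diagnosis only; the signature is NOT verified here.
     * Keycloak sets "iss" to the realm URL and "azp" to the client the token was issued to,
     * so a token obtained through a WebClient bound to the wrong client shows up immediately.
     */
    public static JsonNode decodePayload(String jwt) throws Exception {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("not a compact JWS token");
        }
        byte[] json = Base64.getUrlDecoder().decode(parts[1]); // Java's decoder accepts missing padding
        return MAPPER.readTree(new String(json, StandardCharsets.UTF_8));
    }

    /** GET /admin/realms/{realm}/clients/{id}/offline-sessions; raw JSON is returned. */
    public String getOfflineSessionsJson(String token, String clientUuid) {
        try {
            return adminClient.get()
                    .uri("/admin/realms/{realm}/clients/{id}/offline-sessions", realm, clientUuid)
                    .headers(h -> h.setBearerAuth(token))
                    .retrieve()
                    .bodyToMono(String.class)
                    .block();
        } catch (WebClientResponseException e) {
            // Keycloak answers 401/403 with a JSON body such as {"error":"..."}; keep it for the log
            throw new IllegalStateException(
                    "admin API returned " + e.getStatusCode() + ": " + e.getResponseBodyAsString(), e);
        }
    }

    public static void main(String[] args) throws Exception {
        KeycloakOfflineSessions kc = new KeycloakOfflineSessions("http://localhost:8080", "master");
        String token = kc.getToken("admin-cli",
                System.getenv("KC_ADMIN_USER"), System.getenv("KC_ADMIN_PASSWORD"));

        JsonNode claims = decodePayload(token);
        System.out.println("iss=" + claims.path("iss").asText()
                + " azp=" + claims.path("azp").asText()
                + " realm roles=" + claims.path("realm_access").path("roles"));

        // client UUID of admin-cli, taken from the question
        System.out.println(kc.getOfflineSessionsJson(token, "5729288b-c789-45ac-8915-da32b7b9fe49"));
    }
}
```

If `azp` prints a client other than `admin-cli`, or `iss` names a different realm, the token was minted through the wrong configuration, which is exactly what the shared WebClient bean in the answer was doing. Keeping the admin credentials out of `application.properties` and in the environment also means the service's configuration can be committed without the master-realm password.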