问题
I'm working on integrating Keycloak into an existing application. As part of this process I need to test that the web application can accept jwt tokens generated from keycloak.
I have read the API docs http://www.keycloak.org/docs-api/3.4/rest-api/index.html and could not find any methods for creating a jwt token.
Does anyone know of any REST api methods for creating a jwt token in Keycloak?
回答1:
As per the keycloak mailing list details provided by keycloak mailing list members [Виталий Ищенко and Hynek Mlnarik]
Depends a lot on what JWT you want to issue. For samples of generating access token, see [1], for action token, see [2], custom, see [3].
[1]https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java#L698
[2]https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/actiontoken/DefaultActionToken.java#L140
[3]https://github.com/keycloak/keycloak/blob/master/core/src/main/java/org/keycloak/jose/jws/JWSBuilder.java
Keycloak follows OIDC spec, and you can use any of flows, defined in OAuth2 [1] as well as some additional flows added in OIDC
OIDC dictates usage of JWT, so access tokens (as well as refresh_token, id_token and others are JWT) will be returned in JWT format
To find out addresses of token and authentication, keycloak provides OIDC
discovery url, i.e. http://keycloakhost:keycloakport/auth/realms/{realm}/.well-known/openid-configuration
There are bunch of libs that will allow to simplify token request procedures written for OIDC spec. But Keycloak has a set of adapters written, that can fit nicely into your existing technology stack [2]. I think allow of them allow to access raw JWT tokens
[1] https://aaronparecki.com/oauth-2-simplified/
[2] http://www.keycloak.org/docs/latest/securing_apps/index.html#openid-connect-3
来源:https://stackoverflow.com/questions/48877229/how-to-generate-jwt-token-through-keycloak-rest-api