问题
I am running Keyrock Fiware locally on my laptop in docker. I know this is working because I can visit http://localhost:8000 and http://localhost:8000/sign_up through my browser and they respond correctly.
I am having trouble when it comes to creating API calls. I am trying to use Postman, but I am having trouble with obtaining an auth-token, which is required to make some api calls.
Following this guide I am trying to create a POST request to http:/localhost:8000/oauth2/tokens
This by itself doesn't seem to work and I need to add other information like
grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD
&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET`
I don't know where this information is supposed to go in my Postman request.
I have the field Authorization, Headers, Body, and in Headers I have the field key, value and description but, I don't understand which of these is the right one.
回答1:
Short answer:
The IdM Keyrock API requires authentication for most of its endpoints, so you should actually generate a token. How to generate a token is something more complicated that needs some background to be explained. If you are using the official IdM keyrock GE I totally recommend you to watch this tutorial about this component in Fiware Academy. It explains among other things how to generate an OAuth2 token using an OAuth2 client and the IdM keyrock.
Long answer:
The GE IdM Keyrock consists of two projects: Horizon and Keystone. Both are forks of Openstack projects that you can find in Github. When you consume services to port 8000 you are calling Horizon services which is the frontend component. On the other hand when you consume services to port 5000 you are calling Keystone services which is the backend component. By the way if you are looking for more info about this APIs you could find it here:
- IdM Keyrock APIs
- Openstack Keystone API v3
The tricky part is that while keystone handles its own internal tokens (keystone tokens), FIWARE uses OAuth2 tokens to integrate with other GEs. For this reason you will find OAuth2 extensions within the keyrock APIs. So, depending on which API you want to consume, what kind of token you will need: Keystone token or OAuth2 token.
For example, if you want to retrieve the existing users using the following service, you will need a Keytone token.
GET http://localhost:5000/v3/users
Finally, to generate a keystone token you could use the following service of the keystone API:
POST http://[keyrock_host]:5000/v3/auth/tokens
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": [ADMIN_USER],
"domain": { "name": "default" },
"password": [ADMIN_PWD]
}
}
}
}
}
If you installed Keyrock from Docker Hub image or even from the official source code repository try with "idm" for ADMIN_USER and ADMIN_PWD.
I hope I have been helpful. Good luck with the tesis!
来源:https://stackoverflow.com/questions/46098895/obtain-auth-token-from-keyrock-fiware-api