动态客户端注册后,Keycloak更新/删除客户端

时间:2020-03-18 14:52:32

标签: keycloak

在Keycloak中动态客户端注册可以正常工作:

curl --request POST \
  --url http://localhost:8080/auth/realms/myrealm/clients-registrations/default \
  --header 'content-type: application/json' \
  --data '{"clientId": "myclient"}'

作为回应,我收到了带有注册AccessToken的客户端表示:

{
  "id": "4c6c36d0-6a53-41d9-be37-46bd0d67ebd2",
  "clientId": "myclient",
  "surrogateAuthRequired": false,
  "enabled": true,
  "clientAuthenticatorType": "client-secret",
  "secret": "1f85aa4e-6cdc-4f6c-83ba-f3c67d4561f2",
  "registrationAccessToken": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI2YWIyYTVjZC0xNjgwLTQ5MTYtYmUzYi0wZmFmMjVmZDczMzQifQ.eyJqdGkiOiI3YjVlMjE5Ny0yZjA5LTQwNTgtYmU0ZC02MDM1M2QzMGFkNWIiLCJleHAiOjAsIm5iZiI6MCwiaWF0IjoxNTg0NTQxNTY5LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvOTQ5IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zLzk0OSIsInR5cCI6IlJlZ2lzdHJhdGlvbkFjY2Vzc1Rva2VuIiwicmVnaXN0cmF0aW9uX2F1dGgiOiJhbm9ueW1vdXMifQ.NCqZ6yJrKz9t3vs65kwM88PNvsZMmxig3vqOmc_iLyE",
  "redirectUris": [],
  "webOrigins": [],
  "notBefore": 0,
  "bearerOnly": false,
  "consentRequired": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": false,
  "serviceAccountsEnabled": false,
  "publicClient": false,
  "frontchannelLogout": false,
  "protocol": "openid-connect",
  "attributes": {},
  "authenticationFlowBindingOverrides": {},
  "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "defaultClientScopes": [
    "web-origins",
    "role_list",
    "profile",
    "roles",
    "email"
  ],
  "optionalClientScopes": [
    "address",
    "phone",
    "offline_access",
    "microprofile-jwt"
  ]
}

根据documentation,应该能够使用registrationAccessToken读取,更新和删除客户端:

它将返回一个包括注册访问令牌的客户代表。如果要检索配置,以后更新或删除客户端,则应将注册访问令牌保存在某处。

但是,当尝试读取刚刚创建的客户端时,使用从注册接收到的registrationAccessToken时,会收到401 Unothorized。

curl --request GET \
     --url http://localhost:8080/auth/realms/myrealm/clients-registrations/default/4c6c36d0-6a53-41d9-be37-46bd0d67ebd2 \
     --header 'authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI2YWIyYTVjZC0xNjgwLTQ5MTYtYmUzYi0wZmFmMjVmZDczMzQifQ.eyJqdGkiOiI3YjVlMjE5Ny0yZjA5LTQwNTgtYmU0ZC02MDM1M2QzMGFkNWIiLCJleHAiOjAsIm5iZiI6MCwiaWF0IjoxNTg0NTQxNTY5LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvOTQ5IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zLzk0OSIsInR5cCI6IlJlZ2lzdHJhdGlvbkFjY2Vzc1Rva2VuIiwicmVnaXN0cmF0aW9uX2F1dGgiOiJhbm9ueW1vdXMifQ.NCqZ6yJrKz9t3vs65kwM88PNvsZMmxig3vqOmc_iLyE'

< HTTP/1.1 401 Unauthorized
{
  "error": "invalid_token",
  "error_description": "Not authorized to view client. Not valid token or client credentials provided."
}

知道我缺少什么吗?

1 个答案:

答案 0 :(得分:1)

尝试从以下位置更改:

--url http://localhost:8080/auth/realms/myrealm/clients-registrations/default/4c6c36d0-6a53-41d9-be37-46bd0d67ebd2 \

收件人:

--url http://localhost:8080/auth/realms/myrealm/clients-registrations/default/myclient \
相关问题
最新问题