如何使用grant_typeauthorization_code获取访问令牌?

时间:2020-07-21 13:23:56

标签: java oauth-2.0 keycloak

我使用Keycloak保护我的应用程序,并且编写了一个bash脚本,该脚本通过curl向Keycloak服务器发出访问令牌请求,如下所示:

#!/bin/bash

export KC_REALM=databaker
export KC_USERNAME=user1@example.io
export KC_PASSWORD=databaker
export KC_CLIENT=account
export KC_SERVER=localhost:8080
export KC_CONTEXT=auth
export KC_CLIENT_SECRET=9aac2131-1316-4d72-8f32-9d65cdc23a17

# Request Tokens for credentials
export KC_URL=http://$KC_SERVER/$KC_CONTEXT/realms/$KC_REALM/protocol/openid-connect/token
echo "URL => $KC_URL"


export KC_RESPONSE=$(
        curl -X POST \
        -H "content-type: application/x-www-form-urlencoded" \
        -d "username=$KC_USERNAME" \
        -d "password=$KC_PASSWORD" \
        -d "grant_type=authorization_code" \
        -d "client_id=$KC_CLIENT" \
        -d "client_secret=$KC_CLIENT_SECRET" \
        $KC_URL |
        jq .
)

echo "$KC_RESPONSE"

if grep -q "error" <<< "$KC_RESPONSE"; then
  echo "++++++++Error+++++++++"
  exit 1
fi


export KC_ACCESS_TOKEN=$(echo $KC_RESPONSE | jq -r .access_token)
echo $KC_ACCESS_TOKEN

export SVC=http://localhost:9090/genders
export SVC_RES=$(curl \
        -H "Authorization: Bearer $KC_ACCESS_TOKEN" \
        -H "Accept: application/json" \
        $SVC |
        jq .)
echo $SVC_RES

很遗憾,我没有收到任何访问令牌。 Keycloak的响应如下:

{
  "error": "invalid_client",
  "error_description": "Parameter client_assertion_type is missing"
}

客户端account的配置如下:

enter image description here

Keycloak OIDC JSON

{
  "realm": "databaker",
  "auth-server-url": "http://localhost:8080/auth/",
  "ssl-required": "external",
  "resource": "account",
  "verify-token-audience": true,
  "credentials": {
    "secret-jwt": {
      "secret": "9aac2131-1316-4d72-8f32-9d65cdc23a17"
    }
  },
  "use-resource-role-mappings": true,
  "confidential-port": 0
}

我在做什么错了?

0 个答案:

没有答案
相关问题
最新问题