Skip to main content

Getting access to API 2.0

Below example is for staging Keycloak and guineapig client.
Please change urls and client accordingly to your needs.

Users created directly in account realm

To retrieve an authorization token for Rest calls, send a POST request to https://auth.we.staging-adhese.org/realms/guineapig/protocol/openid-connect/token with the parameters:

  • username
  • password
  • client_id=adhese-app
  • grant_type=password

Using curl:

curl --location 'https://auth.we.staging-adhese.org/realms/guineapig/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=adhese-app' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=username' \
--data-urlencode 'password=password'

You will get back an access token:

{
    "access_token": "<access_token>",
    "expires_in": 60,
    "refresh_expires_in": 1800,
    "refresh_token": "<refresh_token>",
    "token_type": "Bearer",
    "not-before-policy": 0,
    "session_state": "0821e5b7-4420-4f8c-9a9f-4b98afc3fb6c",
    "scope": "profile email"
}

To execute Rest requests that require authorization, add an Authorization header with value Bearer <access_token>, where <access_token> is the access_token returned by the above request and add an Use-Keycloak-Auth header with value true

curl --location 'https://guineapig.staging-adhese.org/api/users/me' \
--header 'Use-Keycloak-Auth: true' \
--header 'Authorization: Bearer <access_token>'

Users from IDP

NOTE: Right now only guineapig is set up to support this flow. Other clients will be set up soon.

  1. Read IDP client secret https://auth.we.staging-adhese.org/admin/master/console/#/master/clients/56c93ae2-be1b-4177-98ac-24e0aab7c1ae/credentials
  2. Fetch token using IDP client 
    curl --location 'https://auth.we.staging-adhese.org/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=adhese-guineapig-realm-idp' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=name.surname@adhese.eu' \
--data-urlencode 'password=password' \
--data-urlencode 'client_secret=client_secret' \
--data-urlencode 'scope=openid'
  3. Exchange IDP token to realm specific token 
    curl --location 'https://auth.we.staging-adhese.org/realms/guineapig/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'client_id=adhese-app' \
--data-urlencode 'subject_token=idp_token' \
--data-urlencode 'subject_issuer=adhese-employee-oidc' \
--data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token'
  4. Use exchanged token to access client application endpoints
No Comments
Back to top