Getting access to API 2.0
The example below uses the staging Keycloak and the guineapig client.
Change the URLs and client to suit your needs.
Direct access
To retrieve an authorization token for REST calls, send a POST request to https://keycloak.staging-adhese.org/realms/adhese-guineapig/protocol/openid-connect/token with the parameters:
- username
- password
- client_id=adhese-app
- grant_type=password
Using curl:
curl --location 'https://keycloak.staging-adhese.org/realms/adhese-guineapig/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=adhese-app' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=username' \
--data-urlencode 'password=password'
You will get back an access token:
{
"access_token": "<access_token>",
"expires_in": 60,
"refresh_expires_in": 1800,
"refresh_token": "<refresh_token>",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "0821e5b7-4420-4f8c-9a9f-4b98afc3fb6c",
"scope": "profile email"
}
To execute REST requests that require authorization, add an Authorization header with the value Bearer <access_token>, where <access_token> is the access_token returned by the request above, and add a Use-Keycloak-Auth header with the value true:
curl --location 'https://guineapig.staging-adhese.org/api/users/me' \
--header 'Use-Keycloak-Auth: true' \
--header 'Authorization: Bearer <access_token>'
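The token response above carries expires_in 60 and refresh_expires_in 1800, so a client has to renew the access token about once a minute. The following is an added example, not code from the original page or from Adhese: a hypothetical TokenSession helper that reuses the cached token, renews it with the standard OAuth 2.0 refresh_token grant (an assumption, since the page does not show that grant), and resends the password only once the refresh token has expired. The transport, clock and skew parameters are also assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

# Staging values taken from this page; change them for your environment.
TOKEN_URL = "https://keycloak.staging-adhese.org/realms/adhese-guineapig/protocol/openid-connect/token"
CLIENT_ID = "adhese-app"


def post_form(url, form):
    """Default transport: POST a urlencoded form and decode the JSON reply."""
    body = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenSession:
    """Hypothetical helper: caches the token pair and renews it before expiry."""

    def __init__(self, username, password, transport=post_form, clock=time.monotonic, skew=5):
        self._creds = (username, password)
        self._post, self._now, self._skew = transport, clock, skew
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def _store(self, reply, issued_at):
        # Expiry is measured from just before the request, minus a safety margin.
        self._access, self._refresh = reply["access_token"], reply.get("refresh_token")
        self._access_exp = issued_at + reply["expires_in"] - self._skew
        self._refresh_exp = issued_at + reply.get("refresh_expires_in", 0) - self._skew

    def access_token(self):
        now = self._now()
        if self._access and now < self._access_exp:
            return self._access  # still valid, no network call
        if self._refresh and now < self._refresh_exp:
            # Renewal sends only the refresh token, never the password.
            form = {"client_id": CLIENT_ID, "grant_type": "refresh_token", "refresh_token": self._refresh}
        else:
            form = {"client_id": CLIENT_ID, "grant_type": "password",
                    "username": self._creds[0], "password": self._creds[1]}
        self._store(self._post(TOKEN_URL, form), now)
        return self._access

    def headers(self):
        """Headers the page requires on authorized REST requests."""
        return {"Use-Keycloak-Auth": "true", "Authorization": f"Bearer {self.access_token()}"}
```

Pass the result of headers() to each API request; the password then crosses the network at most once per refresh-token lifetime instead of once per minute.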
Access via IDP
- Read the IDP client secret: https://keycloak.staging-adhese.org/admin/master/console/#/master/clients/56c93ae2-be1b-4177-98ac-24e0aab7c1ae/credentials
- Fetch a token using the IDP client:
curl --location 'https://keycloak.staging-adhese.org/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=adhese-guineapig-realm-idp' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=name.surname@adhese.eu' \
--data-urlencode 'password=password' \
--data-urlencode 'client_secret=client_secret' \
--data-urlencode 'scope=openid'
- Exchange the IDP token for a realm-specific token:
curl --location 'https://keycloak.staging-adhese.org/realms/adhese-guineapig/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'client_id=adhese-app' \
--data-urlencode 'subject_token=idp_token' \
--data-urlencode 'subject_issuer=adhese-employee-oidc' \
--data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token'