Introduction
This type of authentication can be used for:
- tests
- application authentication without user interaction (e.g. server application)
It can be used only for local accounts (external providers like ADFS or LDAP are not supported).
Realm configuration
Add a client that will be allowed this type of access:
https://www.keycloak.org/docs/latest/server_admin/#_clients
Example client configuration:
Important properties:
- Client ID - this is sent in the authentication request, together with client_secret (for confidential clients only)
- Enabled - if the client is not enabled, authentication requests are not allowed
- Direct Access Grants Enabled - this enables the authentication flow that gets an access token by sending user credentials directly in the authentication request
- Access Type - use public or confidential; confidential is recommended as it requires an additional client_secret for authentication; if the client_secret cannot be stored by the application in a secure way, use public instead
The client_secret can be read in the Keycloak admin console, on the Credentials tab of the client configuration:
Requesting login and Token
Endpoint to be used for login (authentication request):
POST https://keycloak.test.bim.cloud/auth/realms/{realm}/protocol/openid-connect/token
Full sample:
POST https://keycloak.test.bim.cloud/auth/realms/tessel-demo4/protocol/openid-connect/token
Required parameter:
- realm name - the realm name is unique for every customer.
In the test environment it can be hardcoded or obtained from the HDC application (see (sv) Setting up client application).
The request must be sent with the header
Content-Type: application/x-www-form-urlencoded
and the following payload:
- username - realm user name
- password - user password as set
- client_id - client ID configured in the Keycloak realm
- client_secret - client secret associated with the client in the Keycloak realm
- grant_type - password
username=[username]&password=[userpassword]&grant_type=password&client_secret=[client_secret]&client_id=HDC+Client+for+auto+tests
Authentication response
{
  "access_token": "[access_token]",
  "expires_in": 3600,
  "refresh_expires_in": 28800,
  "refresh_token": "[refresh_token]",
  "token_type": "Bearer",
  "not-before-policy": 0,
  "session_state": "3d70e2c8-a45e-4a20-9449-15f4fb9c7c02",
  "scope": "email profile"
}
From the received response JSON, copy the access token from access_token and send it with the Bearer prefix in the
X-Authorization header of every secured HDC request.
Example:
Bearer [access_token]
In addition, for requests that work on an HDC version you need to send the versionId in the
X-Hdc-Version-Id header.
To get the default version ID, invoke
GET ../api/systeminfo/json
and read the ID from defaultVersion.versionId in the returned JSON.
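The request, response handling and headers described above, as an added Python example that is not part of the original page. The function names, the 30-second expiry margin and the sample JSON bodies are assumptions constructed for illustration; the endpoint path, form parameters and header names are the ones given on this page.

```python
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass

@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    access_expires_at: float   # epoch seconds
    refresh_expires_at: float  # epoch seconds

    def access_expired(self, now, skew=30):
        # Treat the token as expired slightly early so no request carries a stale one.
        return now >= self.access_expires_at - skew

def build_token_request(base_url, realm, client_id, client_secret, username, password):
    """Build (do not send) the POST to the realm token endpoint."""
    realm_path = urllib.parse.quote(realm, safe="")
    url = f"{base_url}/auth/realms/{realm_path}/protocol/openid-connect/token"
    # Credentials travel in the form-encoded body, not in the URL, so they
    # stay out of proxy and access logs. urlencode escapes &, = and spaces.
    body = urllib.parse.urlencode({
        "username": username, "password": password, "grant_type": "password",
        "client_secret": client_secret, "client_id": client_id}).encode("ascii")
    return urllib.request.Request(url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now):
    """Turn the JSON response into a TokenSet with absolute expiry times."""
    doc = json.loads(raw)
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return TokenSet(doc["access_token"], doc["refresh_token"],
                    now + doc["expires_in"], now + doc["refresh_expires_in"])

def hdc_headers(tokens, version_id=None):
    """Headers for a secured HDC request; the version id only when needed."""
    headers = {"X-Authorization": f"Bearer {tokens.access_token}"}
    if version_id is not None:
        headers["X-Hdc-Version-Id"] = str(version_id)
    return headers

def default_version_id(systeminfo_raw):
    """Read defaultVersion.versionId from the api/systeminfo/json body."""
    return json.loads(systeminfo_raw)["defaultVersion"]["versionId"]

# Constructed sample bodies (placeholders, not real tokens or server output).
SAMPLE_TOKEN_JSON = ('{"access_token": "ACCESS.PLACEHOLDER", "expires_in": 3600, '
    '"refresh_expires_in": 28800, "refresh_token": "REFRESH.PLACEHOLDER", '
    '"token_type": "Bearer"}')
SAMPLE_SYSTEMINFO_JSON = '{"defaultVersion": {"versionId": 12}}'
```

Pass the built request to urllib.request.urlopen to send it, reading client_secret and the password from the environment or a secret store rather than from source code.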