1. Introduction
In this article, we will generate a Keycloak bearer token that we can use to authorize our requests. This token is mostly used to verify requests in the backend REST API.
1.1 Prerequisites
- You must have Docker installed.
- You must have installed Postman.
Take note of this URL format: http://192.168.1.101:8081/auth/realms/czetsuyatech/.well-known/openid-configuration. Save the values of authorization_endpoint and token_endpoint; we will use them later.
2. Setup Keycloak
Before we begin, we need to run an instance of Keycloak in docker first.
docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 8081:8080 -d jboss/keycloak:10.0.2
Keycloak should run on port 8081.
Now, open http://localhost:8081 in your browser and you should arrive at the Keycloak admin page.
3. Create a Keycloak Realm and Client
Next, we need to create the realm and client that we will be using to generate a token.
The first time the page is served, Keycloak will ask you to save an admin user and password.
- Login to Keycloak.
- In the left panel, hover over Master, and click Add Realm.
- Enter czetsuyatech.
- On the left panel, click Clients.
- On the right side, click Create.
- Enter auth in the client id and hit Save.
- On the client detail page:
  - Set Access Type=confidential.
  - Valid Redirect URIs=* (for debugging purposes only)
  - Web Origins=* (for debugging purposes only)
  - *Make sure to secure Valid Redirect URIs and Web Origins (items 2 and 3) in production: restrict both to your application's exact URLs instead of *.
- Copy the Secret value in the Credentials tab; we will use it later.
4. Create a Keycloak User
- On the left panel, under Manage click Users.
- Click Add User.
- In the username field, enter czetsuyatech and hit save.
- Open the Credentials tab, set the password to czetsuyatech, switch Temporary to OFF.
- Click Set Password.
4. Generate the Token
4.1 Set the following request parameters
- In Postman, create a new request. It could be any HTTP method.
- Under Authorization tab, set TYPE=OAuth 2.0.
- On the right panel, click Get New Access Token.
- Callback URL=https://google.com
  - Or anything, since we did not set it.
  - It should match the value you will set in Keycloak.
  - Normally, this is your frontend URL where Keycloak will redirect after login.
- Auth URL=http://192.168.1.101:8081/auth/realms/czetsuyatech/protocol/openid-connect/auth
- Access Token URL=http://192.168.1.101:8081/auth/realms/czetsuyatech/protocol/openid-connect/token
- ClientID=auth
- Client Secret=[Get the value from 3.8]
- Scope=email
4.2 Execute the request
- Click Request Token
- Enter the user we created in step 4, czetsuyatech/czetsuyatech.
- Click Submit/Login.
- It should automatically fill up the Access Token field with the generated token.
- Header prefix must be set to "Bearer ".
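The authorization code exchange that the Postman settings in 4.1 and 4.2 drive, written out as an added example (not code from the original article). It shows why the Auth URL and the Access Token URL are two different endpoints and where the redirect URI and a state value get checked. The function names, the use of a state parameter, the discovery excerpt, and the sample code, secret, and token values are assumptions constructed for illustration.

```python
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed excerpt of the realm's openid-configuration document (section 1.1).
DISCOVERY = json.loads("""{
  "authorization_endpoint": "http://192.168.1.101:8081/auth/realms/czetsuyatech/protocol/openid-connect/auth",
  "token_endpoint": "http://192.168.1.101:8081/auth/realms/czetsuyatech/protocol/openid-connect/token"
}""")

def authorization_url(cfg, client_id, redirect_uri, scope, state):
    """Step 1: the URL opened in the browser so the user can log in at Keycloak."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope, "state": state})
    return cfg["authorization_endpoint"] + "?" + query

def read_callback(callback_url, redirect_uri, expected_state):
    """Step 2: take the code from the redirect only if URI and state match."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != redirect_uri:
        raise ValueError("callback does not match the redirect URI we sent")
    params = parse_qs(parts.query)
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

def token_request(cfg, client_id, client_secret, redirect_uri, code):
    """Step 3: endpoint and form body for the code-for-token POST."""
    return cfg["token_endpoint"], {
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id, "client_secret": client_secret}

def bearer_header(token_response):
    """Step 4: the header sent with each request to the backend REST API."""
    return {"Authorization": "Bearer " + token_response["access_token"]}

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(authorization_url(DISCOVERY, "auth", "https://google.com", "email", state))
    # Constructed callback and token response; a real run gets these from Keycloak.
    code = read_callback(f"https://google.com?state={state}&code=SAMPLE-CODE",
                         "https://google.com", state)
    print(token_request(DISCOVERY, "auth", "SECRET-FROM-STEP-3", "https://google.com", code))
    print(bearer_header({"access_token": "SAMPLE-TOKEN", "token_type": "bearer"}))
```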
Originally published at https://www.czetsuyatech.com/2020/08/generate-keycloak-bearer-token-using-postman.html