When creating a new client in the Keycloak service by sending a POST request to /{realm}/clients, both clientId and id are optional fields in the POST body.
If I don't specify them, Keycloak will generate them automatically. Then I found that when I request the client-secret, I need to put the id into the URL to indicate which client's client-secret I need to get.
I tried to figure out how I can get the id of the client from the Keycloak API docs but didn't get the answer.
Does anyone have an idea?
Update: The /auth path was removed starting with the Keycloak 17 Quarkus distribution. So you might need to remove the /auth from the following endpoint calls.
I try to figure out how can I get the id of client from Keycloak API docs but didn't get the answer.
To get the id you can call the endpoint /{realm}/clients with the parameter clientId, for instance using curl:
curl -k -X GET "$KEYCLOAK_HOST/auth/admin/realms/$REALM_NAME/clients?clientId=$CLIENT_ID" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $ACCESS_TOKEN"
The $ACCESS_TOKEN is the access token from a token emitted on behalf of a user with the proper privileges (e.g., admin).
From the response .json you extract id (e.g., jq -r .[0].id). In my personal Git repo you can find a script to extract the client secret.
Assigning the proper user permissions
For those that do not want to get an access token from the master admin user, you can get it from another user, but that user needs the permission view-clients from the realm-management client. For that you can:
(OLD Keycloak UI)
Role Mappings
client roles
select realm-management
view-clients and click on Add selected
(New Keycloak UI)
Role Mappings
Assign role
Search by role name
type view-clients
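The lookup described in the answer, followed by the client-secret read, as an added example that is not part of the original answer or of the script it mentions. It URL-encodes the clientId, leaves TLS verification on, and refuses to take the first array element unless exactly one entry matches the requested clientId; the function names, host and realm are this example's own assumptions.

```python
import json
import urllib.parse
import urllib.request


def admin_url(host, realm, *parts, legacy_auth_path=False, **query):
    """Build an Admin REST URL; legacy_auth_path=True adds /auth (before Keycloak 17)."""
    prefix = "/auth" if legacy_auth_path else ""
    path = "/".join(urllib.parse.quote(p, safe="") for p in (realm, *parts))
    url = f"{host.rstrip('/')}{prefix}/admin/realms/{path}"
    return url + ("?" + urllib.parse.urlencode(query) if query else "")


def http_get_json(url, token):
    """GET with a bearer token; certificate verification stays on (no curl -k)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def pick_internal_id(clients, client_id):
    """Return the id of the one entry whose clientId matches exactly."""
    matches = [c["id"] for c in clients if c.get("clientId") == client_id]
    if len(matches) != 1:
        raise LookupError(f"expected 1 client {client_id!r}, found {len(matches)}")
    return matches[0]


def get_client_secret(host, realm, client_id, token, fetch=http_get_json, legacy=False):
    """Resolve clientId -> id, then read that client's secret value."""
    opts = {"legacy_auth_path": legacy}
    listing = fetch(admin_url(host, realm, "clients", clientId=client_id, **opts), token)
    internal_id = pick_internal_id(listing, client_id)
    cred = fetch(admin_url(host, realm, "clients", internal_id, "client-secret", **opts), token)
    return cred["value"]


if __name__ == "__main__":
    # Constructed responses standing in for a live server (values are made up).
    uid = "11111111-2222-3333-4444-555555555555"
    canned = {
        "/clients?clientId=my-app": [{"id": uid, "clientId": "my-app"}],
        f"/clients/{uid}/client-secret": {"type": "secret", "value": "constructed-secret"},
    }
    fake = lambda url, token: next(v for k, v in canned.items() if url.endswith(k))
    print(get_client_secret("https://kc.example.test", "demo", "my-app", "dummy", fetch=fake))
```

Against a real server, call get_client_secret without the fetch argument and pass legacy=True only for distributions that still serve the /auth path.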