HTTP request to keycloak with insommia
I am creating a secured back-end for a new app with Keycloak and NestJS. I imported my realm with clients and user in it and I am trying to get the token and access protected data through Insomnia.
Trying to reach endpoint {{ _.baseUrl }}/protocol/openid-connect/auth with a POST request passing data through JSON is returning
keycloak-1 | 2024-03-11 16:01:56,436 WARN [org.keycloak.protocol.oidc.endpoints.request.AuthorizationEndpointRequestParserProcessor] (executor-thread-131) Parameter 'client_id' not present or present multiple times in the HTTP request parameters
keycloak-1 | 2024-03-11 16:01:56,437 WARN [org.keycloak.events] (executor-thread-131) type="LOGIN_ERROR", realmId="55542514-fc71-4e4e-be3e-42af869de2a7", clientId="null", userId="null", ipAddress="172.18.0.1", error="invalid_request"
in my Docker Keycloak logs and a 400 Bad request error in Insomnia response preview window.
At first I was only passing my credentials and the error made me rethink the whole thing and pass client_id and client_secret as well i the JSON data yet error i still the same.
I was following this tutorial but it does not seem suitable for a Keycloak environment
How to reach to my Keycloak endpoints via Insomnia and furthermore how to get more verbose logs in the future ?
Insomina is a little hard.
Overview
#0 Keycloak launching Detail in here
Access Token URL
POST "http://localhost:8180/realms/master/protocol/openid-connect/token"
How to find Token URL?
The token_endpoint should be match Insomnia URL PREVIEW
If not, 404 not Found Error
#1 Crete New Collection
#2 Name as Keycloak
#3 Click Gear Icon for setting
#4 Base Environment
{
"baseUrl": "http://localhost:8180",
"username": "admin",
"password": "admin",
"access-token": ""
}
#5 Add HTTP Request
#6-7 Create Get-Token by POST API
#8 CTRL + Space Can add get environment variable
detail in here
#9 Make URL with an environment variable
{{ _.baseUrl }}/realms/master/protocol/openid-connect/token
#10 Add Body key/value by Form URL Encoded
It is same as /x-www-form-urlencoded in Postman
#11~13 Add 4 keys/value
User name and password get from environmental variable
By CTRL + Space
#14 Get token Click Send
Result
Bonus
How to use an access-token?
Add Request Get user list
#1 Open Base Environment
In the access-token place cursor inside ""
CTRL+Space
Select f Response => Body Attribute
Result
#2 Click reponse 'body', '', '', 'never',60
Select: Request POST Get Token
Filter (JSONPath or XPath)
$.access_token
Result
Finally, get user list with access-token
- Access to fetch at https://accounts.google.com/o/oauth2/v2/auth has been blocked by CORS
- Role-based authentication not working with Keycloak and Java Spring
- What If Session Expires While User Is Still On The Website
- Remix run: Authentication succeeds on validation failures
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Using two or more SecurityFilterChains with Spring Security 6 does not work properly, only one chain is invoked
- What is the purpose of the 'state' parameter in OAuth authorization request
- OAuth 2.0 Single Client Configuration for Web and Mobile Applications
- OAuth 2 access_token vs OpenId Connect id_token
- Spring Security - Multiple OAuth2 Identity providers (github and google) work with only one Bean with @Prirmary?
- Error in oAuth2 Google APIs - invalid_request "You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy"
- MSAL Node service & The Partner Center API
- How to change the app name for Firebase authentication (what the user sees)
- Generate token fails for Azure app which is both client and API (client credentials workflow)
- Is it okay to encrypt a 3rd party access token and refresh token, in an encrypted JWT?
- Is a Client Secret Required for Google OAuth 2.0 using the PKCE Authorization Flow? Should I Expose the Client Secret Publicly?
- What is the purpose of a "Refresh Token"?
- Pagination with oauth azure data factory
- How to use supabase google auth provider in react naive expo app
- How to bypass keycloak login page and provide client suggested idp with spring security
- Issue with Discord OAuth2 redirect_uri component
- npm install error - invalid package.json
- Google Identity Platform: Using OAuth 2.0 in Powershell using Firebase Admin SDK private key
- Can I get the company name/logo with the LinkedIn API?
- PayPal REST API credentials of another business or party
- Configuring spring-boot-starter-oauth2-client to authenticate with Azure AD
- Problems logging into coinbase api with oauth2
- Azure authentification for multiple audience using WithExtraScopesToConsent and AcquireTokenSilent
- Microsoft OAuth authorization code flow CORS
- How to authorize a request to the FCM v1 API with an access token