0

We have some APIs that we'd like to allow a specific backend service we'd like Keycloak to work with. We have it working with regular users with the traditional username/password type login. As you can imagine, we don't want to have a password based system, but ideally some sort of long key we can weld into the calling app to start the authentication process. If it helps to know, I'd like this to be a stateless JWT solution (eventually anyway). Yes, I've seen the documentation, but I don't know where this is talked about. Can someone send me a good link.

Woodsman
  • 901
  • 21
  • 61

1 Answers1

1

Client Credentials Flow in OAuth 2.0 for backend service.

This is good overview of OAuth Flow

Diagrams And Movies Of All The OAuth 2.0 Flows

enter image description here

How to call Client Credentials in Keycloak

What is a PAT and how to obtain it

API format

curl -X POST \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d 'grant_type=client_credentials&client_id=${client_id}&client_secret=${client_secret}' \
    "http://localhost:8080/realms/${realm_name}/protocol/openid-connect/token"

Keycloak: Client Credentials Grant Example

Keycloak Realm VS Keycloak Client

Bench Vue
  • 5,257
  • 2
  • 10
  • 14