23

I have tried to access the keycloak API from the postman. but it is showing 400 bad request.

I was calling api in the below format. 

http://{hostname}:8080/auth/realms/master/protocol/openid-connect/token?username=admin&password=admin&client_id=admin-cli&grant_type=password

In the headers I have set the content_type as application/x-www-form-urlencoded

I am getting the response as below.

{
    "error": "invalid_request",
    "error_description": "Missing form parameter: grant_type"
}

Can any one help me.Any help will be appreciated. thanks in advance

shonky linux user
  • 6,131
  • 4
  • 46
  • 73
Programmer
  • 657
  • 4
  • 9
  • 21
  • have you done keycloak authentication with curl for multiple applications. i have authenticated with curl but when i accessing with another application i have to relogin with that second application. how to use the keycloak login with curl for multiiple application authentication – Joyson Mar 01 '19 at 11:13
  • the problem is that this is a GET request, and Keycloak accepts this API call only as POST . – NaN Mar 21 '23 at 13:55

5 Answers5

42

A bit late for this question, but you did ask about postman and not curl. So you have to put the options in x-www-form-urlencoded enter image description here

UchihaItachi
  • 2,602
  • 14
  • 21
12

You call API through POST client

URL - http://localhost:8080/auth/realms/Demo/protocol/openid-connect/token

So here in above url i am using Demo as my realm instead of master.

ContentType - "Content-Type":"application/x-www-form-urlencoded"

Params:

{
"client_secret" : "90ec9638-7647-4e65-ad20-b82df3341084",
"username" : "ankur",
"password" : "123456",
"grant_type" : "password",
"client_id": "app-client"
}

Set Header as below

enter image description here

Data Need to be passed as shown below enter image description here

Paco Abato
  • 3,920
  • 4
  • 31
  • 54
Ankur Singhal
  • 26,012
  • 16
  • 82
  • 116
  • 5
    once you have the access_token, etc how will you add those parameters to every request for a resource? – Vishrant Jun 06 '18 at 00:57
3

The URL you are using is to obtain the token.

The token request should be a POST call, the request you post is a GET request. Below a CURL example about how to request the access_token

curl -X POST \
   http://{hostname}:8080/auth/realms/{realm}/protocol/openid-connect/token \
   -H 'Content-Type: application/x-www-form-urlencoded' \
   -d 'username=admin&password=admin&grant_type=password&client_id=admin-cli'
Pablo Bastidas
  • 608
  • 1
  • 6
  • 17
2

did I create a Postman collection to help us to get start with keycloak API. Anyone can save the follow json, and import on Postman:

{
"info": {
    "_postman_id": "07a9d691-5b1c-4869-990b-551da29590fe",
    "name": "Keycloak",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
    {
        "name": "GET REALM",
        "request": {
            "method": "GET",
            "header": [],
            "url": {
                "raw": "{{KEYCLOAK_URL}}admin/realms/{{KEYCLOAK_REALM}}",
                "host": [
                    "{{KEYCLOAK_URL}}admin"
                ],
                "path": [
                    "realms",
                    "{{KEYCLOAK_REALM}}"
                ]
            }
        },
        "response": []
    },
    {
        "name": "GET USERS",
        "event": [
            {
                "listen": "prerequest",
                "script": {
                    "id": "dfda403a-35b8-4704-840d-102eddac32e6",
                    "exec": [
                        ""
                    ],
                    "type": "text/javascript"
                }
            }
        ],
        "protocolProfileBehavior": {
            "disableBodyPruning": true
        },
        "request": {
            "method": "GET",
            "header": [],
            "body": {
                "mode": "urlencoded",
                "urlencoded": []
            },
            "url": {
                "raw": "{{KEYCLOAK_URL}}admin/realms/{{KEYCLOAK_REALM}}/users",
                "host": [
                    "{{KEYCLOAK_URL}}admin"
                ],
                "path": [
                    "realms",
                    "{{KEYCLOAK_REALM}}",
                    "users"
                ]
            }
        },
        "response": []
    }
],
"auth": {
    "type": "bearer",
    "bearer": [
        {
            "key": "token",
            "value": "{{KEYCLOAK_TOKEN}}",
            "type": "string"
        }
    ]
},
"event": [
    {
        "listen": "prerequest",
        "script": {
            "id": "c3ae5df7-b1e0-4af1-988b-c592df3fd98e",
            "type": "text/javascript",
            "exec": [
                "const echoPostRequest = {",
                "  url: pm.environment.get('KEYCLOAK_URL') + 'realms/master/protocol/openid-connect/token',",
                "  method: 'POST',",
                "  header: 'Content-Type:application/x-www-form-urlencoded',",
                "  body: {",
                "    mode: 'urlencoded',",
                "    urlencoded: [",
                "        {key:'username', value:pm.environment.get('KEYCLOAK_USER')}, ",
                "        {key:'password', value:pm.environment.get('KEYCLOAK_PASSWORD')}, ",
                "        {key:'client_id', value:'admin-cli'}, ",
                "        {key:'grant_type', value:'password'}",
                "    ]",
                "  }",
                "};",
                "",
                "var getToken = true;",
                "",
                "if (!pm.environment.get('KEYCLOAK_TOKEN_EXPIRY') || ",
                "    !pm.environment.get('KEYCLOAK_TOKEN')) {",
                "    console.log('Token or expiry date are missing')",
                "} else if (pm.environment.get('KEYCLOAK_TOKEN_EXPIRY') <= (new Date()).getTime()) {",
                "    console.log('Token is expired')",
                "} else {",
                "    getToken = false;",
                "    console.log('Token and expiry date are all good');",
                "}",
                "",
                "if (getToken === true) {",
                "    pm.sendRequest(echoPostRequest, function (err, res) {",
                "    console.log(err ? err : res.json());",
                "        if (err === null) {",
                "            console.log('Saving the token and expiry date')",
                "            var responseJson = res.json();",
                "            pm.environment.set('KEYCLOAK_TOKEN', responseJson.access_token)",
                "    ",
                "            var expiryDate = new Date();",
                "            expiryDate.setSeconds(expiryDate.getSeconds() + responseJson.expires_in);",
                "            pm.environment.set('KEYCLOAK_TOKEN_EXPIRY', expiryDate.getTime());",
                "        }",
                "    });",
                "}"
            ]
        }
    },
    {
        "listen": "test",
        "script": {
            "id": "fdb69bb4-14a5-43b4-97e2-af866643e390",
            "type": "text/javascript",
            "exec": [
                ""
            ]
        }
    }
],
"variable": [
    {
        "id": "698bbb41-d3f9-47f8-9848-4a1c32f9cca4",
        "key": "token",
        "value": ""
    }
],
"protocolProfileBehavior": {}}

And I created a pre-script to get the token and set on wich request, as you can see on the image below: enter image description here

You should create the follow environment variables: KEYCLOAK_USER, KEYCLOAK_PASSWORD and KEYCLOAK_URL, where the url must be https://{your keycloak installation}/auth/

Maykol Rypka
  • 531
  • 6
  • 19
0

You can also use CURL to get information

curl -L -X POST 'http://<serveraddress>/auth/realms/<realmname>/protocol/openid-connect/token' -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=<clientid>' --data-urlencode 'grant_type=password' --data-urlencode 'client_secret=<clientsecret>' --data-urlencode 'scope=openid' --data-urlencode 'username=<username>' --data-urlencode 'password=<password>'
Rajat jain
  • 1,715
  • 3
  • 12
  • 21