I implemented keycloak in my Node.js application. For login, I used API:
http://localhost:8080/auth/realms/master/protocol/openid-connect/token
It returns the login user's token if the username and password are correct.
Now I need to pass this token(returned by the above API) and check whether this token is correct or not, and if the token is correct I need user details, is there any API for this?
Now I need to pass this token(return by above API) and check this token is correct or not
You will need to use the introspection endpoint from the Keycloak Documentation:
token_introspection_endpoint
A OAuth2-compliant Token Introspection Endpoint which clients can use to query the server to determine the active state of an RPT and to determine any other information associated with the token, such as the permissions granted by Keycloak.
and if token is correct I need user details, is there any API for this.
For that you need to use the userinfo_endpoint.
Both endpoints can be found under the following link:
{KEYCLOAK_URL}/auth/realms/{REALM_NAME}/.well-known/openid-configuration
or since the /auth path was removed starting with Keycloak 17 Quarkus distribution:
{KEYCLOAK_URL}/realms/{REALM_NAME}/.well-known/openid-configuration
