In this post I want to document the process of setting up an OIDC client in Keycloak and show all the endpoints one can use to get tokens. The prerequisite is to have Keycloak up and running; I described that process here(link). One change to that docker-compose.yaml file is that I updated MySQL to latest. Once you have the Keycloak container up and running:
Create Realm
Log in to the master realm at http://localhost:8080 with the username and password from your docker-compose file.
Create a new realm; I have created a realm named “todo”.
Next, switch to the new realm and create a client by clicking “Clients” -> “Create client”. You can leave most of the options at their defaults; update as shown below.
Save the configuration
Next, go to the Credentials tab and copy the client secret. We will use it later to test the OIDC endpoints.
With this we have a client ready. Next, we need to create a few test users. Navigate to the Users section and create a new user. Make sure the user is enabled and that nothing is set under “Required User Actions”, at least for this use case.
We should now be ready for testing through Postman. I am assuming that you have an idea of the OIDC flow but are trying to piece together how to use Keycloak for your app; I will have a detailed post in the future on what OIDC is and what this flow means. In this post I am trying to show the Auth Code flow. For testing purposes I recommend Postman for ease of use. You could use any OIDC client, but Postman makes it easy to understand.
The first step is to acquire a token. Within the OIDC Auth Code flow the first step is to get an auth code, then perform authentication, and only then comes the token, but since we are using Postman it will help keep this process simple. So open Postman, create a new request, and in the Authorization dropdown select OAuth 2.0. Provide the values shown in the curl request below:
curl --location 'http://localhost:8080/auth/realms/todo/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=todo' \
--data-urlencode 'client_secret=En6aFLYMX4xSU7lO7qHC0JeU7iSiROO9' \
--data-urlencode 'username=adminu' \
--data-urlencode 'password=youpwd'
Userinfo endpoint
Refresh token endpoint
Curl for the refresh token
Make sure you send the client ID and client secret as HTTP Basic auth in the Authorization header, and a request body containing refresh_token and grant_type as application/x-www-form-urlencoded:
curl --location 'http://localhost:8080/auth/realms/todo/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dG9kbzpFbjZhRkxZTVg0eFNVN2xPN3FIQzBKZVU3aVNpUk9POQ==' \
--data-urlencode 'refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIzNDRlY2U1MC02MGUxLTQ4NjYtYmM0ZC1lZTg2MzY0ZjI2NGUifQ.eyJleHAiOjE2OTczNDI4MjYsImlhdCI6MTY5NzM0MTAyNiwianRpIjoiNzdiYmYwMTItYWYyMi00NTU3LTliNzItNGQ4MTM3YzE5YjgxIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL3RvZG8iLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvdG9kbyIsInN1YiI6IjFhZTA1MzdlLTQxN2MtNDVjNS1iZjExLWE3MTJkY2I1ODdhNSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJ0b2RvIiwic2Vzc2lvbl9zdGF0ZSI6ImI0MTQzMTM1LWZjMjEtNGQ5MC1iNTAyLTVmZDcyOWQ5MWNmYyIsInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsInNpZCI6ImI0MTQzMTM1LWZjMjEtNGQ5MC1iNTAyLTVmZDcyOWQ5MWNmYyJ9.b6zyWjyxnGp3g6CoZpvpmi0fv7d861ztUpXgdEQGEcE' \
--data-urlencode 'grant_type=refresh_token'
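The three calls above (the token request, the userinfo call and the refresh) can be scripted outside Postman. The script below is an added example written for this post, not code from the post or from Keycloak. It uses the realm, client id, client secret and refresh token that appear in the curl commands above, and it assumes the client has Direct Access Grants enabled, which is what the password grant in the first curl needs (the post's screenshot presumably shows that setting). Two things the curls do not make explicit: the first request is the Resource Owner Password grant, in which the user's password passes through the client, so it is a testing shortcut rather than the Auth Code flow the post sets out to show; and the refresh token is HS256-signed with a key only Keycloak holds, so a client can decode and sanity-check its claims but never verify its signature. The helper functions are pure and run offline against the sample token; only send_form() and the __main__ block need the container.

```python
"""Token-endpoint helpers for the Keycloak "todo" realm set up above.

Added example, not code from the original post. It builds the same two
requests the post issues with curl (password grant and refresh_token grant)
plus the userinfo call, and inspects the refresh token locally.
"""
import base64
import json
import time
import urllib.parse
import urllib.request

# Realm, client id and client secret are the values from the post's curl commands.
BASE_URL = "http://localhost:8080/auth/realms/todo"
TOKEN_URL = f"{BASE_URL}/protocol/openid-connect/token"
USERINFO_URL = f"{BASE_URL}/protocol/openid-connect/userinfo"
CLIENT_ID = "todo"
CLIENT_SECRET = "En6aFLYMX4xSU7lO7qHC0JeU7iSiROO9"

# Refresh token from the post's second curl, kept as sample input so the
# inspection helpers can run without a live Keycloak.
SAMPLE_REFRESH_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIzNDRlY2U1MC02MGUxLTQ4NjYtYmM0ZC1lZTg2MzY0ZjI2NGUifQ.eyJleHAiOjE2OTczNDI4MjYsImlhdCI6MTY5NzM0MTAyNiwianRpIjoiNzdiYmYwMTItYWYyMi00NTU3LTliNzItNGQ4MTM3YzE5YjgxIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL3RvZG8iLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvdG9kbyIsInN1YiI6IjFhZTA1MzdlLTQxN2MtNDVjNS1iZjExLWE3MTJkY2I1ODdhNSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJ0b2RvIiwic2Vzc2lvbl9zdGF0ZSI6ImI0MTQzMTM1LWZjMjEtNGQ5MC1iNTAyLTVmZDcyOWQ5MWNmYyIsInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsInNpZCI6ImI0MTQzMTM1LWZjMjEtNGQ5MC1iNTAyLTVmZDcyOWQ5MWNmYyJ9.b6zyWjyxnGp3g6CoZpvpmi0fv7d861ztUpXgdEQGEcE"


def basic_auth_header(client_id, client_secret):
    """HTTP Basic client authentication: 'Basic ' + base64('client_id:client_secret').
    This is the Authorization header value in the post's refresh curl."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def password_grant_body(username, password):
    """Form fields for the Resource Owner Password grant used in the first curl.
    Client credentials travel in the body here, as in the post."""
    return {
        "grant_type": "password",
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "username": username,
        "password": password,
    }


def refresh_grant_body(refresh_token):
    """Form fields for the refresh_token grant; client auth goes in the header."""
    return {"grant_type": "refresh_token", "refresh_token": refresh_token}


def decode_jwt_unverified(token):
    """Return the payload claims of a JWT without checking its signature.
    Keycloak refresh tokens are HS256-signed with a server-side key, so a
    client can inspect them but never verify them; treat the result as hints."""
    _header, payload, _signature = token.split(".")
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_refresh_token(token, expected_issuer, now):
    """Local sanity checks before handing a stored refresh token back to Keycloak.
    Returns a list of problems; an empty list means the token looks usable."""
    claims = decode_jwt_unverified(token)
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append(f"issuer mismatch: {claims.get('iss')}")
    if claims.get("typ") != "Refresh":
        problems.append(f"not a refresh token: typ={claims.get('typ')}")
    if claims.get("azp") != CLIENT_ID:
        problems.append(f"issued to another client: azp={claims.get('azp')}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems


def send_form(url, fields, headers=None):
    """POST application/x-www-form-urlencoded to url and parse the JSON reply."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    for name, value in (headers or {}).items():
        req.add_header(name, value)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Live run against the container from the post (user/password as in the curl).
    tokens = send_form(TOKEN_URL, password_grant_body("adminu", "youpwd"))
    print("access token lifetime (s):", tokens["expires_in"])
    print("refresh token problems:",
          check_refresh_token(tokens["refresh_token"], BASE_URL, time.time()))
    # Userinfo: a GET with the access token sent as a Bearer token.
    req = urllib.request.Request(USERINFO_URL)
    req.add_header("Authorization", "Bearer " + tokens["access_token"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        print("userinfo:", json.load(resp))
    # Refresh: client id/secret in a Basic header, only grant_type and
    # refresh_token in the form body, exactly like the post's second curl.
    refreshed = send_form(
        TOKEN_URL,
        refresh_grant_body(tokens["refresh_token"]),
        {"Authorization": basic_auth_header(CLIENT_ID, CLIENT_SECRET)},
    )
    print("refreshed access token received:", "access_token" in refreshed)
```

Running basic_auth_header("todo", CLIENT_SECRET) reproduces the exact Basic header from the refresh curl, and decoding the sample token shows why the post's refresh call would fail today: its exp claim (1697342826) is long past, so check_refresh_token() reports "token is expired" before any request is sent. Keep the realm's /.well-known/openid-configuration handy if your Keycloak version drops the /auth prefix from these paths.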