Comments (4)
Hi @AdigaAkhil
I believe I got it partially. The introspect endpoint is returning 403 and the revoke is working.
I've used the app of this repo.
Get JWT token
$ curl -i -X POST \
"http://localhost:8080/realms/company-services/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin" \
-d "password=admin" \
-d "grant_type=password" \
-d "client_id=movies-app"
Response
HTTP/1.1 200 OK
...
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ5eEFURmwwbzNzVjg1QzNWU21DYXo1NTNRYXhyUTZsT2k1QngtdEpmcEFZIn0.eyJleHAiOjE2OTEzNTgwMzAsImlhdCI6MTY5MTM1NzczMCwianRpIjoiYzVmNmIwMWItNWRhNC00ZDVhLWEyODAtZTBjNDczMTYyNDE4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9jb21wYW55LXNlcnZpY2VzIiwic3ViIjoiZWFkMDE1YTgtOThhNi00NDBiLWI1NDAtMjhiOWI0OTM0NWMzIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibW92aWVzLWFwcCIsInNlc3Npb25fc3RhdGUiOiJhNWJhNTU5Ny01OGJiLTQ3YWUtYjVlZC0zZTUxYjA4OWVmMTkiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCJdLCJyZXNvdXJjZV9hY2Nlc3MiOnsibW92aWVzLWFwcCI6eyJyb2xlcyI6WyJNT1ZJRVNfTUFOQUdFUiIsIk1PVklFU19VU0VSIl19fSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwic2lkIjoiYTViYTU1OTctNThiYi00N2FlLWI1ZWQtM2U1MWIwODllZjE5IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiJ9.gdEmu4zoimr2beNjniTSk4ZC4adhwhyxqUwTMUHFQ9CHnoiaB6a83TS5MDLoIr-_k4LJRMag11peGPMEy2cUT6ZAk_u9rXXep-no4skEd-GdHCeXb-ZSJiPykc8QY3ZS6gu3TiqKjMjoDldKAzH92RMmn9Aqd66r5yYJouG4KgmGqGFx72p3TpskQJ-A90Iikuw6fQ125g_XDDNFov-Zhms-1BBnKJX7J9vkmNnlEK9QQOR8YIGsoMbOiMWI57Vdmsqm0Maq1UJ92MJk6ZHcIrUIEiu-SLr2QO9DycjarocSNrHfP5kAFSpuJwvVHEC_sNPbO-bfAaIqOveE09Ht0Q",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIzMzg4MzNjNS0wMzIwLTQzNWEtOGM4Yi1jYmZlZjEyODIxOWEifQ.eyJleHAiOjE2OTEzNTk1MzAsImlhdCI6MTY5MTM1NzczMCwianRpIjoiZjZjZmI1ODctY2RkMy00M2E3LWI3NzMtMjIzZTM5NzllMWQwIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9jb21wYW55LXNlcnZpY2VzIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9jb21wYW55LXNlcnZpY2VzIiwic3ViIjoiZWFkMDE1YTgtOThhNi00NDBiLWI1NDAtMjhiOWI0OTM0NWMzIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6Im1vdmllcy1hcHAiLCJzZXNzaW9uX3N0YXRlIjoiYTViYTU1OTctNThiYi00N2FlLWI1ZWQtM2U1MWIwODllZjE5Iiwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwic2lkIjoiYTViYTU1OTctNThiYi00N2FlLWI1ZWQtM2U1MWIwODllZjE5In0.GQ-mWo1mfQfuOEI20RHKzQut_DkM8rUu1Lfp9JmvkzM",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "a5ba5597-58bb-47ae-b5ed-3e51b089ef19",
"scope": "email profile"
}
Set refresh_token to TOKEN env var
$ TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIzMzg4MzNjNS0wMzIwLTQzNWEtOGM4Yi1jYmZlZjEyODIxOWEifQ.eyJleHAiOjE2OTEzNTk1MzAsImlhdCI6MTY5MTM1NzczMCwianRpIjoiZjZjZmI1ODctY2RkMy00M2E3LWI3NzMtMjIzZTM5NzllMWQwIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9jb21wYW55LXNlcnZpY2VzIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9jb21wYW55LXNlcnZpY2VzIiwic3ViIjoiZWFkMDE1YTgtOThhNi00NDBiLWI1NDAtMjhiOWI0OTM0NWMzIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6Im1vdmllcy1hcHAiLCJzZXNzaW9uX3N0YXRlIjoiYTViYTU1OTctNThiYi00N2FlLWI1ZWQtM2U1MWIwODllZjE5Iiwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwic2lkIjoiYTViYTU1OTctNThiYi00N2FlLWI1ZWQtM2U1MWIwODllZjE5In0.GQ-mWo1mfQfuOEI20RHKzQut_DkM8rUu1Lfp9JmvkzM
Call introspect endpoint using TOKEN
$ curl -i -X POST http://localhost:8080/realms/company-services/protocol/openid-connect/token/introspect \
-d token=$TOKEN \
-d client_id=movies-app
Response
HTTP/1.1 403 Forbidden
...
{"error":"invalid_request","error_description":"Client not allowed."}
Probably, there is some config we need to set for the client.
Call revoke endpoint using TOKEN
$ curl -i -X POST http://localhost:8080/realms/company-services/protocol/openid-connect/revoke \
-d token=$TOKEN \
-d client_id=movies-app
Response
HTTP/1.1 200 OK
...
from springboot-react-keycloak.
Hi @AdigaAkhil any feedback from your side on this issue? Thanks!
from springboot-react-keycloak.
Closing issue as no feedback was provided.
from springboot-react-keycloak.
Sorry @ivangfr, I was out on vacation. Thank you for the response. I'll look into it and let you know.
from springboot-react-keycloak.
Related Issues (12)
- refresh token HOT 3
- Thanks HOT 2
- Verifying JWT tokens in Resource server
- add server port to spring configuration HOT 1
- @react-keycloak/web deprecated and unmaintained
- Keycloak is not getting started by docker compose HOT 3
- Cannot access api via postman HOT 1
- [2372] Failed to execute script docker-compose HOT 1
- How to create user extra after first time login keycloak? HOT 3
- Upgrading to Keycloak 17 results in 401 Auth issue when listing Realms HOT 1
- Deprecation of Keycloak adapters HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from springboot-react-keycloak.