
@ataube
Last active May 8, 2017 15:53
Keycloak Learnings
// authenticate
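/**
 * Start the OIDC authorization-code flow by navigating the browser to the
 * authorization endpoint of the `collectai` realm.
 *
 * The query string is built with URL/URLSearchParams instead of string
 * concatenation so that `redirect_uri` is percent-encoded and cannot be
 * split or extended by characters inside the value.
 *
 * NOTE(review): the request carries no `state` parameter and no PKCE
 * `code_challenge`, so the page that receives the redirect has nothing to
 * bind the returned `code` to this browser session. Adding them requires a
 * matching check in the redirect handler, which is not part of this snippet.
 *
 * @returns {void}
 */
function authenticate() {
  const authUrl = new URL(
    'auth/realms/collectai/protocol/openid-connect/auth',
    'http://localhost:8080/',
  );
  authUrl.searchParams.set('response_type', 'code');
  authUrl.searchParams.set('client_id', 'portals-api');
  // Must match a redirect URI registered for the client; sent encoded.
  authUrl.searchParams.set('redirect_uri', 'http://localhost:3000/merchant');
  document.location.assign(authUrl.toString());
}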
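/**
 * Exchange the authorization `code` for tokens at the realm's token endpoint.
 *
 * `code` is read from the enclosing scope; it is not defined in this snippet.
 *
 * The request is sent in `cors` mode. With `mode: 'no-cors'` the browser
 * hands back an opaque response whose status and body cannot be read, so the
 * token could never reach the page. In `cors` mode the server has to allow
 * this page's origin, otherwise the request is rejected and logged below.
 *
 * NOTE(review): `credentials: 'include'` also sends the browser's cookies for
 * the Keycloak origin. The code exchange carries everything it needs in the
 * form body, so confirm whether the cookies are required at all.
 * NOTE(review): the resolved payload contains bearer tokens; avoid logging it.
 *
 * @returns {Promise<object|undefined>|undefined} `undefined` when no code is
 *   available; otherwise a promise for the parsed token response, which
 *   resolves to `undefined` when the request fails (the error is logged).
 */
function getToken() {
  if (!code) return undefined;

  const tokenUrl = new URL(
    'auth/realms/collectai/protocol/openid-connect/token',
    'http://localhost:8080/',
  ).toString();

  const headers = new Headers({
    'Content-Type': 'application/x-www-form-urlencoded',
  });

  const params = new URLSearchParams();
  params.append('grant_type', 'authorization_code');
  params.append('code', code);
  params.append('client_id', 'portals-api');
  // Has to be the same redirect URI that was sent in the authorization request.
  params.append('redirect_uri', 'http://localhost:3000/merchant');

  const options = {
    method: 'POST',
    mode: 'cors',
    headers,
    credentials: 'include',
    body: params,
  };

  return fetch(tokenUrl, options)
    .then((resp) => {
      console.log('>>>', resp);
      if (!resp.ok) {
        throw new Error(`token request failed with status ${resp.status}`);
      }
      return resp.json();
    })
    .catch((err) => {
      // Best-effort like the original: report the failure, do not rethrow.
      console.log('>>', err);
    });
}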
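const jwkToPem = require('jwk-to-pem');
const jwt = require('jsonwebtoken');

// Sample RS256-signed token issued by the local realm, pasted in for testing.
const token = 'eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJRN2M1bkVTdG9CQUF3ZmZUemJaTzZFdzhvNEhxc1dadmtieWdTSHN1NWFzIn0.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.d5nDFrq5lRV-G3suvvlXhX9wEigqMbtqj5cNRIXl1-EiG27vr34kmHATA0f_75tsBn-ACTn2MamPHZOyhgKlL46vCXgGu8xua4q80li5g9qyU8ZKnJhk9I0irJCdUCeRo5zglcYZlFC-RuJVoJ4f60QizOfImwm_RO229BSEnS4PWEUKkDv_CnqAE_sVEyFcUTTjL1RCtffQhT725kxB_T-WAWXWXbwGajw08n7LhrQiWrhRBkAGTUWO1z82SfeJpR5rA3XbAif5vp_1rNyEK5LCU-jPbip85iKct6gdD5PzFBxygmtwT0Ish3CChBNW4NsHKbwsee4SzZlVLXh0eg';
// Get server jwk from here: http://localhost:8080/auth/realms/collectai/protocol/openid-connect/certs
// NOTE(review): the key is pasted in by hand. The certs endpoint can list
// several keys, so a real verifier should pick the entry whose `kid` matches
// the token header and refresh it when the realm rotates keys.
const jwk = {"kid":"Q7c5nEStoBAAwffTzbZO6Ew8o4HqsWZvkbygSHsu5as","kty":"RSA","alg":"RS256","use":"sig","n":"sP7Rc4WHkGciBOk3gWYAF2QLu9bImTvJfkKsY1wiAoZuaDSaP2WLb5KdrELkwdYJWG6iMPiet-l9RvtkaQVqS-4myrOmuzhG4rjgGbHORsqy6RtqyRCbPRO9a30ukdRwsAylkUvxgeYZMs0TSxWptcoeFVRHW0tI2-ALz8Wq1henX2wX1FLlAsuhF07EvxzzxqBJwQTCb9wskrDiDrTpK1BVfkFYdY7zi9urSo1k9GKZ1T__Jr1xmyyn6WKH8AAuO3w2bRzpzY_Bg7_jLAELWyvO88ev3rd15T7MukN2sHGxSCVUmUkQibLZnWVj6f01GY40_Ly3HBgq9vYHGjSZrQ","e":"AQAB"};
// jsonwebtoken takes the public key as PEM, so convert the JWK first.
const cert = jwkToPem(jwk);

const verifyOptions = {
  // Pin the algorithm so the token's own `alg` header cannot choose it.
  algorithms: ['RS256'],
  // A valid signature alone only proves that this key signed the token; the
  // issuer check rejects tokens minted for another realm with the same key.
  // NOTE(review): assumes `iss` is the realm URL used throughout this page;
  // confirm against a decoded token. Consider checking `audience` as well.
  issuer: 'http://localhost:8080/auth/realms/collectai',
};

// With a callback, jwt.verify reports through the callback and returns
// nothing, so the former `const r = ...` assignment was dropped.
jwt.verify(token, cert, verifyOptions, (err, payload) => {
  console.log('>>>>err', err);
  console.log('>>>>payload', payload);
});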

OIDC Endpoints

http://www.keycloak.org/docs/2.5/securing_apps_guide/topics/oidc/oidc-generic.html

Get token with Grant Type Password

curl -d "client_id=portals-api" \
      -d "client_secret=989a4668-7166-4a5e-9e62-301c875402a9" \
      -d "username=andreas" \
      -d "password=pass" \
      -d "grant_type=password" \
      "http://localhost:8080/auth/realms/collectai/protocol/openid-connect/token"

Introspect Token

curl -i -d "client_id=portals-api" \
        -d "client_secret=989a4668-7166-4a5e-9e62-301c875402a9" \
        -d "username=andreas" \
        -d "password=pass" \
        -d "token=mytoken" http://localhost:8080/auth/realms/collectai/protocol/openid-connect/token/introspect

Get UserInfo

curl -i -H "Authorization: Bearer mytoken" http://localhost:8080/auth/realms/collectai/protocol/openid-connect/userinfo

Start Authorization Flow

http://localhost:8080/auth/realms/collectai/protocol/openid-connect/auth?scope=portals-api/foobar&response_type=code&client_id=portals-api&redirect_uri=http://localhost:3000
