Various Keycloak stuff, like URLs, etc.

keycloak-stuff.md

Keycloak Stuff / URLs

Required Actions

Generic

http(s)://{host}/realms/{realm}/protocol/openid-connect/auth?response_type=code&client_id={clientId}&scope=openid&redirect_uri={redirectUri}&kc_action={requiredActionId}

Example

http://localhost:8080/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=account&scope=openid&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Fdemo%2Faccount%2F&kc_action=UPDATE_PASSWORD

Best practice

Take the authorization_endpoint from the /.well-known/openid-configuration endpoint, don't use it hard-coded. Then, add the query params.

Registration

Generic

http(s)://{host}/realms/{realm}/protocol/openid-connect/registrations?client_id={clientId}&response_type=code&scope=openid&redirect_uri={redirectUri}

Example

http://localhost:8080/realms/demo/protocol/openid-connect/registrations?client_id=account_console&response_type=code&scope=openid&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Fdemo%2Faccount%2F

Note

There's no registration url contained in the /.well-known/openid-configuration endpoint. Maybe, use the authorization_endpoint and replace the auth path part with registrations.
ATTENTION: This is Keycloak specific! This is not part of the OIDC spec!

Reset Credentials

Generic

http(s)://{host}/realms/{realm}/login-actions/reset-credentials?client_id={clientID}&redirect_uri={redirectUri}

Example

http://localhost:8080/realms/demo/login-actions/reset-credentials?client_id=account&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Fbookshop%2Faccount%2F