An example how to create a CLI application and obtain an Access Token from Keycloak.x
= Keycloak CLI Client Example
This repo contains an example of using the https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-00#section-4.1[Authorization Code Grant] in a CLI application using https://www.keycloak.org/downloads[Keycloak.x].
The CLI application has been written in Go, but the overall principle remains the same for other languages and frameworks.
== Starting Keycloak.x
https://www.keycloak.org/2020/12/first-keycloak-x-release.adoc[Keycloak.x] is a new Keycloak distribution that has been built on top of Quarkus. Among many other features, it has so-called Developer Mode, which enables you to run it without doing much configuration. But remember - this mode shall not be used in production (or even staging). It's purely a development thing:
Keycloak.x is now ready to serve the requests. You can log into the Admin Console using admin/admin
credentials:
image::img/keycloak-admin.png[]
== Create a CLI Client
The next step is to create a public CLI Client that will be used by the CLI application. The configuration is the following:
image::img/cli-client.png[]
Here are some highlights:
== Run the CLI application
Now use your favorite IDE or go
command line to run the CLI application. You will be asked to provide username and password:
image::img/login.png[]
You can use admin/admin
as we're using the Master Realm.
After logging in, you will see the following web page:
image::img/close-the-window.png[]
Now, look at your terminal window to find the Access Token.
== So what really happened?
The CLI application starts an embedded HTTP server up on port 8081 with "/sso-callback" path. Now, let's quickly check, how the https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-00#section-4.1[Authorization Code Flow] looks like:
image::img/authorization-code-flow.png[]
The embedded HTTP Server is used in Step no. 4 to obtain the Authorization Code. If the code is detected, it's being exchanged for an Access Token.
== Ok, ok... so how to use it in production?
Of course, the example in this repo should not be used in production. It has been simplified to illustrate the main principles for constructing CLI applications for oAuth flows. In order to use this in production, you need to consider at least the following: