
@dasniko
Last active September 29, 2023 09:39
Various Keycloak stuff, like URLs, etc.

Keycloak Stuff / URLs

Required Actions

Generic

http(s)://{host}/realms/{realm}/protocol/openid-connect/auth?response_type=code&client_id={clientId}&scope=openid&redirect_uri={redirectUri}&kc_action={requiredActionId}

Example

http://localhost:8080/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=account&scope=openid&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Fdemo%2Faccount%2F&kc_action=UPDATE_PASSWORD

Best practice

Take the authorization_endpoint from the /.well-known/openid-configuration endpoint instead of hard-coding it, then append the query params.

Registration

Generic

http(s)://{host}/realms/{realm}/protocol/openid-connect/registrations?client_id={clientId}&response_type=code&scope=openid&redirect_uri={redirectUri}

Example

http://localhost:8080/realms/demo/protocol/openid-connect/registrations?client_id=account_console&response_type=code&scope=openid&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Fdemo%2Faccount%2F

Note

There's no registration URL in the /.well-known/openid-configuration endpoint. Maybe use the authorization_endpoint and replace the auth path part with registrations.
ATTENTION: This is Keycloak specific! This is not part of the OIDC spec!
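An added example (not part of the original gist) covering both the best practice and the registration note above: it builds both URLs from the discovered authorization_endpoint and swaps only the final `auth` path segment, so a host name such as `auth.example.com` is left untouched. The function names and the `SAMPLE_DISCOVERY` document are assumptions made for illustration; in practice the document is fetched from /.well-known/openid-configuration.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed sample: the one discovery field used here, as the demo realm
# from the examples above would report it.
SAMPLE_DISCOVERY = {
    "authorization_endpoint":
        "http://localhost:8080/realms/demo/protocol/openid-connect/auth",
}


def _with_query(endpoint, params):
    """Attach percent-encoded query parameters to an endpoint URL."""
    p = urlsplit(endpoint)
    return urlunsplit((p.scheme, p.netloc, p.path, urlencode(params), ""))


def required_action_url(discovery, client_id, redirect_uri, action):
    """Authorization request that triggers a required action via kc_action."""
    return _with_query(discovery["authorization_endpoint"], {
        "response_type": "code", "client_id": client_id, "scope": "openid",
        "redirect_uri": redirect_uri, "kc_action": action,
    })


def registration_url(discovery, client_id, redirect_uri):
    """Keycloak-specific: derive .../registrations from .../auth."""
    p = urlsplit(discovery["authorization_endpoint"])
    head, _, last = p.path.rpartition("/")
    if last != "auth":
        # Refuse to guess when the path does not have the expected layout.
        raise ValueError("unexpected authorization_endpoint path: " + p.path)
    endpoint = urlunsplit((p.scheme, p.netloc, head + "/registrations", "", ""))
    return _with_query(endpoint, {
        "client_id": client_id, "response_type": "code", "scope": "openid",
        "redirect_uri": redirect_uri,
    })


if __name__ == "__main__":
    redirect = "http://localhost:8080/realms/demo/account/"
    print(required_action_url(SAMPLE_DISCOVERY, "account", redirect, "UPDATE_PASSWORD"))
    print(registration_url(SAMPLE_DISCOVERY, "account_console", redirect))
```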
