@justinc1
Last active September 20, 2022 08:07
Get keycloak access token using curl
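#!/bin/bash
# Get a Keycloak access token with the OAuth2 password grant, using curl.
# based on https://github.com/akoserwal/keycloak-integrations/blob/master/curl-post-request/keycloak-curl.sh
#
# Usage:
# Start test server (IP 172.17.0.2)
# docker run -it -p 8080:80 -p 8433:443 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:15.0.2 -b 0.0.0.0
# Get token
# PASSWORD=admin ./keycloak-curl.sh https://172.17.0.2:8443 master admin admin-cli 0
# List realms
# curl -H "Authorization: Bearer $(PASSWORD=admin ./keycloak-curl.sh https://172.17.0.2:8443 master admin admin-cli 0)" -k https://172.17.0.2:8443/auth/admin/realms/ | jq
# partial-export realm
# curl -H "Authorization: Bearer $(PASSWORD=admin ./keycloak-curl.sh https://172.17.0.2:8443 master admin admin-cli 0)" -k -X POST 'https://172.17.0.2:8443/auth/admin/realms/myrealm/partial-export?exportClients=1&exportGroupsAndRoles=1' > myrealm-partial-export.json
# partial-import realm
# curl -H "Authorization: Bearer $(PASSWORD=admin ./keycloak-curl.sh https://172.17.0.2:8443 master admin admin-cli 0)" -k -X POST https://172.17.0.2:8443/auth/admin/realms -H "Content-Type: application/json" --data @myrealm-partial-export.json
#
# Arguments: base_url realm username clientid verify_ssl
# Environment: PASSWORD (required) - password of <username>
# Output: the access token on stdout; diagnostics on stderr.
#         When sourced, TOKEN and KEYCLOAK_TOKEN are also exported into the
#         calling shell.
#
# Security notes:
# - The admin/admin credentials and the trailing 0 (TLS verification off,
#   curl -k) in the examples above are for the throwaway local test container
#   only. Against any other server pass 'y' as the last argument: without
#   certificate verification the password and the returned token can be
#   intercepted on the network path.
# - PASSWORD=... typed on the command line ends up in shell history. To avoid
#   that, read it interactively first: read -rs PASSWORD; export PASSWORD
# - The token is a bearer credential and is printed on stdout; do not run this
#   under `set -x` or capture its output into logs.
# - No `set -e`/`set -u` here on purpose: the script may be sourced and would
#   otherwise change the options of the calling shell.

# `return N 2>/dev/null || exit N` leaves the script both when it is sourced
# (return works) and when it is executed (return fails, exit takes over).
# A bare `return` in an executed script only prints an error and execution
# would continue with empty arguments.
if [ $# -ne 5 ]; then
  cat >&2 <<EOF
Usage: . $0 hostname realm username clientid verify_ssl
 options:
 hostname: base URL, e.g. https://172.17.0.2:8443
 realm:keycloak-demo
 clientid:demo
 verify_ssl: use 'y' to verify ssl (otherwise it will send curl post with --insecure)
 The password is read from the PASSWORD environment variable.
EOF
  return 1 2>/dev/null || exit 1
fi

BASE_URL=$1
REALM_NAME=$2
USERNAME=$3
CLIENT_ID=$4
SECURE=$5
KEYCLOAK_URL=$BASE_URL/auth/realms/$REALM_NAME/protocol/openid-connect/token

echo 1>&2 "Using Keycloak: $KEYCLOAK_URL"
echo 1>&2 "realm: $REALM_NAME"
echo 1>&2 "client-id: $CLIENT_ID"
echo 1>&2 "username: $USERNAME"
echo 1>&2 "secure: $SECURE"

# Build the curl command line as an array so that the optional --insecure flag
# is either one argument or absent; a quoted empty "$INSECURE" would hand curl
# an empty-string argument, which it treats as a (bad) URL.
curl_args=(-X POST "$KEYCLOAK_URL")
if [[ $SECURE = 'y' ]]; then
  INSECURE=
else
  # Anything other than 'y' disables verification (kept for compatibility with
  # existing callers), so make the downgrade visible.
  INSECURE=--insecure
  curl_args+=("$INSECURE")
  echo 1>&2 "WARNING: TLS certificate verification is disabled (--insecure)"
fi

if [[ -z $PASSWORD ]]; then
  echo 1>&2 password not in environ
  return 1 2>/dev/null || exit 1
fi

# The password is fed to curl on stdin ('password@-') instead of on the
# command line, so it does not show up in the process list; printf is a shell
# builtin and spawns no process of its own. --data-urlencode keeps characters
# such as '&', '+' or '%' in the values from corrupting the form body.
token_data=$(printf '%s' "$PASSWORD" | curl "${curl_args[@]}" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "username=$USERNAME" \
  --data-urlencode 'password@-' \
  -d 'grant_type=password' \
  --data-urlencode "client_id=$CLIENT_ID")

# Extract access_token from the JSON response. Prefer python3, fall back to
# python. The snippet prints nothing when the response is not JSON or carries
# no access_token (e.g. bad credentials), which is detected below.
# (Alternative with jq: printf '%s' "$token_data" | jq -r '.access_token')
if command -v python3 >/dev/null 2>&1; then
  json_python=python3
else
  json_python=python
fi
TOKEN=$(printf '%s' "$token_data" | "$json_python" -c '
import json, sys
try:
    print(json.load(sys.stdin).get("access_token") or "")
except Exception:
    pass
')

# An empty token (or jq-style "null") means the request or the login failed;
# report it instead of exporting an unusable value.
if [[ -z $TOKEN || $TOKEN = 'null' ]]; then
  echo 1>&2 "failed to get access token from $KEYCLOAK_URL"
  return 1 2>/dev/null || exit 1
fi

export TOKEN
export KEYCLOAK_TOKEN=$TOKEN
printf '%s\n' "$TOKEN"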