我已经设置了本地PHP服务器,并希望从KeyCloak获得授权令牌。
我已经发送了这样的请求:
$url = "http://docker:10040/auth/realms/myrealm/protocol/openid-connect/token"
$data = "client_id=postman&username=admin&password=12345&grant_type=password"
$headers = array('Content-Type: application/x-www-form-urlencoded');
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
if ($data)
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_VERBOSE, 1);
$result = curl_exec($curl);
但这返回给我:
{"error":"unauthorized_client","error_description":"Client secret not provided in request"}
现在,显然是"您没有这样的客户"的情况,对吗?除非我确实使用Postman发送"基本上"同一请求时:
POST /auth/realms/myrealm/protocol/openid-connect/token? HTTP/1.1
Host: docker:10040
Content-Type: application/x-www-form-urlencoded
cache-control: no-cache
Postman-Token: c08c2144-4ea0-45ad-ab16-150db7768825
最后一行是正文,但是它不可读取,所以让我们重新介绍它:
grant_type:password
username:admin
password:12345
client_id:postman
,如您所见,基本相同。除了邮递员令牌。
邮递员的结果是正确的答案,确实包括access_token:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxWjZ0SXNXa2JLSUNkSG96eWJHT1QybU90S1p1T3RiMU9lNWVRTlZzLW5ZIn0.eyJqdGkiOiI0OWE2MmE4Ny1lMjc2LTRjMjctODA5YS1jMTUzMWViNjYzOWQiLCJleHAiOjE1NTI0MDE1NjMsIm5iZiI6MCwiaWF0IjoxNTUyNDAxMjYzLCJpc3MiOiJodHRwOi8vZG9ja2VyOjEwMDQwL2F1dGgvcmVhbG1zLzFzcGlubWlsbGlvbmFpcmUiLCJhdWQiOiJwb3N0bWFuIiwic3ViIjoiMjFlMjc5MmEtNGQ1NS00YTVjLTlmNDctNDcxMDA5ZTEzNmFiIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoicG9zdG1hbiIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6ImU0MjY4YjQ3LWQzZjctNDQxMS1iYmY3LWM4MzE5OTUwZWE2OSIsImFjciI6IjEiLCJjbGllbnRfc2Vzc2lvbiI6IjFmMzhkYmE5LWRhYWMtNGUyOC1hODdjLTI4MDcyN2YzYzhjNSIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJyb2xlX2FkbWluIiwicm9sZV92aWV3X3VzZXJzIiwicm9sZV9wYXJ0bmVyIiwidW1hX2F1dGhvcml6YXRpb24iLCJyb2xlX3BhcnRuZXJfYWRtaW5pc3RyYXRvciJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InJlYWxtLW1hbmFnZW1lbnQiOnsicm9sZXMiOlsidmlldy11c2VycyJdfSwicmVzb3VyY2Utc2VydmVyIjp7InJvbGVzIjpbInJvbGVfYWRtaW4iLCJyb2xlX3BhcnRuZXIiLCJyb2xlX3BhcnRuZXJfYWRtaW5pc3RyYXRvciJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsInZpZXctcHJvZmlsZSJdfX0sIm5hbWUiOiIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiJ9.Ojw34yZkNmeTBvD7M1OTLv5PRnPcNO7nxf5d_w8yh_zuGTXCwPEyKm1blfpBDYkrKtjbwnamwWWZeBKYzLCUwebnE5rrEDG13fKC3iTdqkh5tEYMRhn8C8LAGBPy6uVhWJyL2X9CCbNQNNTiBUD3Ida6EK1K0rreoSpWInHgEktBumpleFdznCUHoZe6-xina5S4yC1TtZOWtSl4nrBgrn720uqmg-lN6_HacV6YnldYmtJWr_ay7EvmTAc4KLh5XU6YyulcXrq7Z921Zqupe3VJRhhFNssWYqT7c_bIGao5HYTgcmOnRsp_iGuT_6ku2LFEKXrLxmVJDaM9ok_3lA",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxWjZ0SXNXa2JLSUNkSG96eWJHT1QybU90S1p1T3RiMU9lNWVRTlZzLW5ZIn0.eyJqdGkiOiIyOTJhMTY4NC1jZjk1LTRkYmMtYjdhNy1iM2RhZTZlY2NlODciLCJleHAiOjE1NTI0MDMwNjMsIm5iZiI6MCwiaWF0IjoxNTUyNDAxMjYzLCJpc3MiOiJodHRwOi8vZG9ja2VyOjEwMDQwL2F1dGgvcmVhbG1zLzFzcGlubWlsbGlvbmFpcmUiLCJhdWQiOiJwb3N0bWFuIiwic3ViIjoiMjFlMjc5MmEtNGQ1NS00YTVjLTlmNDctNDcxMDA5ZTEzNmFiIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InBvc3RtYW4iLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiJlNDI2OGI0Ny1kM2Y3LTQ0MTEtYmJmNy1jODMxOTk1MGVhNjkiLCJjbGllbnRfc2Vzc2lvbiI6IjFmMzhkYmE5LWRhYWMtNGUyOC1hODdjLTI4MDcyN2YzYzhjNSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJyb2xlX2FkbWluIiwicm9sZV92aWV3X3VzZXJzIiwicm9sZV9wYXJ0bmVyIiwidW1hX2F1dGhvcml6YXRpb24iLCJyb2xlX3BhcnRuZXJfYWRtaW5pc3RyYXRvciJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InJlYWxtLW1hbmFnZW1lbnQiOnsicm9sZXMiOlsidmlldy11c2VycyJdfSwicmVzb3VyY2Utc2VydmVyIjp7InJvbGVzIjpbInJvbGVfYWRtaW4iLCJyb2xlX3BhcnRuZXIiLCJyb2xlX3BhcnRuZXJfYWRtaW5pc3RyYXRvciJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsInZpZXctcHJvZmlsZSJdfX19.UTqGzJEnwzjsYnAIGvFafyJCWpmjVMjttvByX7r-KGtgmiqeKvVFSnisAIic8S8n6lHvAtW_K3s35CWovofHJqia9kEk2eyNZIZQGDM8LCum2KgKBOv4Jqg8H3F54gQzr4Pd17SbavpU38--FqDOHMX8a6L6GLs7yUy7PZ86MTm-B4V49ckleCGt0qMtzXMn8GmA1PnjCk5VpB_XR2FSEzuGfFwiXtq3HmWEGL-EybGRj-1GVNi568N2O1tKrHu8SeM-cg8KHEs5oa_C_lpCTii0OqVx7-NInaPpabua1QjrVtPtqS2f1dXuSMmVNwFRPw8ANHxmK4U9zFLgkBloxg",
"token_type": "bearer",
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxWjZ0SXNXa2JLSUNkSG96eWJHT1QybU90S1p1T3RiMU9lNWVRTlZzLW5ZIn0.eyJqdGkiOiIyMGY1OTgzMC05MTFiLTQwNTctYWFiMi05N2NiZGJhNDEwNDMiLCJleHAiOjE1NTI0MDE1NjMsIm5iZiI6MCwiaWF0IjoxNTUyNDAxMjYzLCJpc3MiOiJodHRwOi8vZG9ja2VyOjEwMDQwL2F1dGgvcmVhbG1zLzFzcGlubWlsbGlvbmFpcmUiLCJhdWQiOiJwb3N0bWFuIiwic3ViIjoiMjFlMjc5MmEtNGQ1NS00YTVjLTlmNDctNDcxMDA5ZTEzNmFiIiwidHlwIjoiSUQiLCJhenAiOiJwb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiZTQyNjhiNDctZDNmNy00NDExLWJiZjctYzgzMTk5NTBlYTY5IiwiYWNyIjoiMSIsIm5hbWUiOiIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiJ9.tf1erOZwlXfIklEfx-RtHQvFA4ioMrgZUQYup1sPDQvrZIJJlUf_S6TtJXb226xLWHpyrBKiX6BHJmq6wKCNdOHwP1Rzr7toA7AdfqtRUtTpvW5ZyfzJod4u3wd55u6W5GFCfHPnaOrNEVexKT8HIEty35l110iX2eOAzVB9JBJ5OsJl9PkJzrAct3DhIchaqwWKPrVD2kebyRVNk4RlNJmRzDsH1br4Wv2F9Tjny5ShffzBbCn47LZDQBOO4VbcGgmzyrpYJ70l1DSChdL3chVihwPttA6kiQUYCux1wQd5MSue8Yu7u-YZbXXswOy9ZXU3mfWDdN2I1u4wX3T7UA",
"not-before-policy": 0,
"session_state": "e4268b47-d3f7-4411-bbf7-c8319950ea69"
}
我想念什么?对我来说,他们看起来一样。主要区别显然是通过邮递员/客户端发送一个,而另一个是通过基于服务器的PHP脚本发送的。我看不出问题的可能性。我错了吗?
如何通过PHP将卷曲发送到KeyCloak,以便它返回给我访问令牌?
有两个选择:
- 更改客户设置为公共设置,而不是访问类型组合中的"机密"(在客户端设置中)
-
在请求中添加参数:
&grant_type=password&client_secret=your_secret_client_value请参阅http://keycloak-user.88327.x6.nabble.com/keycloak-user-client-secret-secret-not-not-not-not-not-not-not-in-request-td1936.html