i want to read all Users from a realm via rest api and postman. If I send http://localhost:8080/realms/{realm}/users i get no response.
Does anyone know a tutorial on how to use the api? I also want to add users, which does not work with the api.
I read the keycloak api description, but I don’t understand what I have todo.
Thx
The official documentation does not describe it very accurately.
You can try this api
http://localhost:8080/auth/admin/realms/{realm}/users
add "auth/admin" after your host address.
Access to this api requires admin access_token.
The process of getting an access to Keycloak REST API is described in the Server Development Guide - Admin REST API.
https://www.keycloak.org/docs/latest/server_development/index.html#admin-rest-api
You need first to obtain an access token from Master realm and then using this access token submit a request to realm you want to get users from.
Make sure to use "client_id=admin-cli" parameter when requesting the access token from Master realm.
Related
I am new to Django and working as an intern for a company. I have been tasked with creating an internal software for them to use. The software needs to have a log in system for the employees. However, the company already has an auth api they use for other products. How can I make use of that api to log the users on? I have searched for an answer for a while and I couldn't find one.
The auth api has an endpoint called '/token' which is used to validate the email and password.
I'm guessing I need to remove the 'django.auth' stuff from settings, but I have no more insight into this than that. Any help would greatly be appreciate.
Below is the swaggerhub documentation for an endpoint of the api:
/token:
post:
summary: Generate a new token (aka login)
operationId: createToken
tags:
- authentication
description:
Login using email and password, and retrieve a newly created bearer token to access our APIs.
Alternatively, use a token to create another one.
You need to create an Authentication backend which will check the given to tokens in your existing token database.
See Customizing authentication in Django
I'm trying to connect my website's API and mobile app. I need to authenticate the user with google account but I don't know how to do it.
I created the backend with Django. And I set the endpoint as rest-auth/google/. On the restframework's page, it requires Access Token and Code but honestly I don't get how I can test if it actually works using actual google account.
I want to test from mobile app but I don't understand how and what I need to POST.
Anyone could give me tips?
I would recommend you to use a ready solution like "django-allauth".
If you want to do authentication yourself you might want to read Google's documentation about the topic:
https://developers.google.com/api-client-library/python/
In nutshell you create API credentials:
https://console.cloud.google.com/apis/credentials
Send a user to a link with specific parameters (api-credentials, scope, redirect link etc). Google client can help you to generate it.
A user will login in his account as he would normally do and will give your app permissions to use his information (or won't). After that he will be redirected to the link you specified with GET request with a code as a parameter (or error).
With help of Google client you can exchange the code on a token and then use that token to get information from his profile.
I have a web app where front end layer has a angular based UI.It has both public pages and other private pages which are accessible to logged in users and it depends on roles of the logged in users as well
My server based application is a java based rest service api .
How can i use wso2 for handle user authenticaiton and role based authorsation.i would like to have an additional layer of api security depending on the role of the user as well.
can someone explain the best architecture for this in wso2?
if i use wso2 api manager , how can i handle login's of the user and how to relate api access with role of the logged in user?
thanks in advance
you can use wso2 appmanager to control the access of any web apps[1]. App manager supports role based access control as well as xacml policy based access control . In order to provide api level role based security you can use scopes[2] in wso2 api manager
[1] https://docs.wso2.com/display/APPM120/Web+Application+Resource+Authorization
[2] https://docs.wso2.com/display/APPM120/Web+Application+Resource+Authorization
Let me suggest another solution. I haven't tried this with APIM. But since APIM also has Identity features installed in it, this should work.
Use OpenID Connect for login. See here for a sample. This sample is for IS, but it should work for APIM too. Only endpoint URLs are different in APIM like this.
Token: https://localhost:8243/token
Revoke: https://localhost:8243/revoke
Authorize: https://localhost:8243/authorize
There, when a user login, you get an ID_token which contains user claims. You can allow/deny page views depending on those data.
In above step, you create an SP and generate a client key-secret pair. You can set the same keys in APIM's application. Read this.
Then, as I mentioned here, you can use scopes to secure your APIs by roles.
I am a new bee in using POSTMAN - Rest Client - Chrome API
I want to use the Basic Auth which is available in POSTMAN.
I am trying to login into my Google account at url - "https://www.gmail.com".
I provided my Username & Password in the Basic Auth and I had tried GET and POST.
I got a Status 200 OK which loads me the home page but it is not logged in.
I know that i need to change the url, but i am not able to find the correct one which to use?
It would be helpful if #examples are provided for the Different Types of Auth Provided as well.
The link you have provided is deprecated. I don't know if the Gmail API allowed Basic Auth at the time you asked the question, but right now it needs OAuth 2.0, as indicated in the opening lines here.
The correct url is https://accounts.google.com/o/oauth2/auth, and this link explains how to supply the parameters.
If I remember correctly, Google stopped allowing http clients(like Postman) accessing its APIs through Basic Auth one year back or more. Now, Google allowing its APIs to be accessed using OAuth 2.0.
For accessing Google APIs, you need to setup an OAuth Application, here
When you create this OAuth Application, Google will generate ClientId and ClientSecret.
With these clientId and clientSecret, you need to generate Access and Refresh Tokens and eventually, you will use these tokens to access Google APIs.
Read more about Google OAuth 2.0 and you will get more information about accessing APIs.
I am trying to use the Google Contacts API and the Python / GDATA client handlers to access Contacts via OAuth 2.0 for users in the domain. I'm ultimately wanting to create a web service to add contacts for users, but the first step is getting this test working.
I can access my own Contacts just fine if I use the default URI. However, when I pass in the email address to construct the URI for another user, I can't seem to access the other user's Contacts. Here is the code that I'm using:
client.GetContacts(uri=client.GetFeedUri(contact_list=userEmail))
A 403 error is returned when I execute this.
gdata.client.RequestError: Server responded with: 403
Your client does not have permission to get URL /m8/feeds/contacts/<userEmail>/full from this server.
Mostly just trying to understand if what I'm attempting here is even possible. In the Email Settings API, for example, you can get authenticated to the domain and pass in a user's email to list their labels, add filters, etc. So, I would anticipate that the Contacts API would work the same, though handled slightly differently, i.e. modifying the URI, instead of just passing in an argument to the client handler. Please let me know if I am wrong in that presumption.
For authorization, I'm getting the details using flow_from_clientsecrets, then getting the token to authorize the ContactsClient for the domain. Again, I can access my own contacts fine, so authorization seems OK, but I can't access other users' contacts.
client = token.authorize(ContactsClient(domain=domain))
Seems like I'm missing something with respect to accessing other users. Is anybody able to assist me over this hump? Here are some things that I've checked / confirmed:
Contacts API is enabled for the project
Scopes have been authorized for the Client ID in the control panel > Manage 3rd party access
I am a Super Admin in the domain.
Thanks for your time!
I figured out the answer here from another post with exceptional detail:
Domain-Wide Access to Google GDATA APIs
You need to use "Service Account" authentication. For some reason, I was thinking that would only work with the newer discovery-based APIs. But, service account access also works for GDATA APIs. I can access all the Contacts for users in the domain now.