oauth-2.0 - keycloak client_credentials 授权类型禁用 refresh_token 动态客户端注册
问题描述
我正在尝试client_credentials在 Keycloak 中注册一个最小客户端。我希望禁用refresh_tokengrant_type。
想
"grant_types":["client_credentials"]
得到
"grant_types":["client_credentials","refresh_token"]
var (
clientRegistrationEndpoint = os.Getenv("CLIENT_REGISTRATION_ENDPOINT")
clientRegistrationInitialAccessToken = os.Getenv("CLIENT_REGISTRATION_IAT")
)
func TestCreateClientCredentialsClient(t *testing.T) {
metadata := v1alpha1.ClientMetadata{
GrantTypes: &[]v1alpha1.GrantType{
"client_credentials",
},
ResponseTypes: &[]v1alpha1.ResponseType{
"none",
},
}
jsBytes, _ := json.Marshal(metadata)
req, _ := http.NewRequest(http.MethodPost, clientRegistrationEndpoint, bytes.NewBuffer(jsBytes))
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer "+clientRegistrationInitialAccessToken)
reqBody, _ := httputil.DumpRequest(req, true)
t.Log("request:", string(reqBody))
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
resBody, _ := httputil.DumpResponse(resp, true)
t.Log("response:", string(resBody))
}
=== RUN TestCreateClientCredentialsClient
client_test.go:35: request: POST /auth/realms/foo/clients-registrations/openid-connect HTTP/1.1
Host: example.com
Authorization: Bearer initial.access.token
Content-Type: application/json
{"response_types":["none"],"grant_types":["client_credentials"]}
client_test.go:45: response: HTTP/1.1 201 Created
Content-Length: 1060
Connection: keep-alive
Content-Type: application/json
Date: Sun, 28 Mar 2021 08:38:52 GMT
Location: https://example.com/auth/realms/foo/clients-registrations/openid-connect/67ad371b-c4ac-4f0d-bcfa-11715c2b3587
Server: nginx/1.10.3
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
{"redirect_uris":[],"token_endpoint_auth_method":"client_secret_basic","grant_types":["client_credentials","refresh_token"],"response_types":[],"client_id":"67ad371b-c4ac-4f0d-bcfa-11715c2b3587","client_secret":"243ddb81-0d11-48e6-98fa-cf4e1eb089c3","subject_type":"public","tls_client_certificate_bound_access_tokens":false,"client_id_issued_at":1616920732,"client_secret_expires_at":0,"registration_client_uri":"https://example.com/auth/realms/foo/clients-registrations/openid-connect/67ad371b-c4ac-4f0d-bcfa-11715c2b3587","registration_access_token":"registration.access.token"}
--- PASS: TestCreateClientCredentialsClient (0.27s)
解决方案
推荐阅读
- html - 在应用 CSS 之前,如何防止网页呈现内容?
- c# - c#匿名对象,为什么有时只包含字段定义?
- visual-studio-code - 获取 a 的字符串文字的类型安全方法
带字符串的数组 - python - Python中的简单菜单,不使用“pip”
- mongodb - JSON对象截断Mlab?
- javascript - 当字段名称包含 @ 字符时,我将如何从 JSON 响应中提取数据
- javascript - 如何使用异步 API 调用作为 Javascript 中的值构建对象
- c++ - 使用父类方法覆盖的多重继承
- c# - 如何检查是否单击了动态创建的标签并更改其颜色?
- google-sheets - 查找匹配数据并替换右侧单元格中的数据的代码