Аутентификация по логину/паролю¶
Для аутентификации по логину/паролю необходимо передать следующие параметры:
- grant_type = password;
- username =
<login>; - password =
<password>; - client_id =
<client_id>.
Пример запроса на аутентификацию по логину/паролю:
POST <keyckoack-host>/realms/<keyckoack realm>/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=dh-user&password=QWE123_ty&client_id=dh-client
Пример ответа:
Cache-Control no-store
Pragma no-cache
Set-Cookie KEYCLOAK_LOCALE=ru;Version=1;Path=/realms/<keyckoack realm>/;HttpOnly;SameSite=Lax
content-length 4927
Content-Type application/json
Referrer-Policy no-referrer
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmYjd1a0R3WUpGYV9MOEVoNmZSSVBMM1Zlam1yNGNyRmtBcWFKMVlPTlA4In0.eyJleHAiOjE2Njg2NTgyNjYsImlhdCI6MTY2ODY1NjQ2NiwianRpIjoiNDY2NGE4NGUtN2I0NS00NTYyLTg5NzYtMGQwZDgzYzA4N2Y1IiwiaXNzIjoiaHR0cDovLzE3Mi4yOS43My41OTo4MDgwL3JlYWxtcy9ESCIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiIwMzg5MGE4Yy01ZGJkLTQyN2YtOWFhMi1hNGZjZTdkYzg2ZDYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJkaC1jbGllbnQiLCJzZXNzaW9uX3N0YXRlIjoiZjFhOWQ1MzYtOGUwNy00NjM2LTgyYTQtYzcwYmEwMjRhMjFlIiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLWRoIiwiUk9MRV9VU0VSIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImRoLWNsaWVudCI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiIsImRoLWFkbWluIiwiZGgtdXNlciJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwic2lkIjoiZjFhOWQ1MzYtOGUwNy00NjM2LTgyYTQtYzcwYmEwMjRhMjFlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOlsiL2dyLXVzZXJzL2RoLXBvd2VyLXVzZXJzIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImRoLXVzZXIiLCJnaXZlbl9uYW1lIjoiIiwiZmFtaWx5X25hbWUiOiIifQ.AIU20H1lx-YWcJOwe41OxA5E0RN4N9s2sYW8HY_vU97T00KK0ruuhh573hPk2DvbURFJK7FkEubruXJafmisVJ4GS5emOoVyyOm4T47T5KY9GYy6kDW5faUbABt9DP_JhoesPuK33CEH0UGRcjAly5fHDPpanrorg5VPKnffsrxL7QL-_HC9fW_jG2ZKb7I1_8Ahm3Gp5UUkR7WN5S9u6zNWLc_jZk5v02fD0iiZtdjsbJ4PnVM3xNC-5s-p9EHnB8Rbg8SBoUKPix51zRmYAsLvdOU-jelUGUlez4DWkbzJ5UTc9R_UdMcRkz5nHv2xJRvjvqbihH9Hiz7NgVjMmA",
"expires_in": 1800,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjZmQ1YTI0Ni1lMjU3LTQ0ZDktOWMyYi04Yjc4ZDFkNTdiNzEifQ.eyJleHAiOjE2Njg2NTgyNjYsImlhdCI6MTY2ODY1NjQ2NiwianRpIjoiZGVmMThlZGQtNjdmMi00ZmE0LTg1NGMtNjg2Y2ZhMzcxNWRlIiwiaXNzIjoiaHR0cDovLzE3Mi4yOS43My41OTo4MDgwL3JlYWxtcy9ESCIsImF1ZCI6Imh0dHA6Ly8xNzIuMjkuNzMuNTk6ODA4MC9yZWFsbXMvREgiLCJzdWIiOiIwMzg5MGE4Yy01ZGJkLTQyN2YtOWFhMi1hNGZjZTdkYzg2ZDYiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoiZGgtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImYxYTlkNTM2LThlMDctNDYzNi04MmE0LWM3MGJhMDI0YTIxZSIsInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsInNpZCI6ImYxYTlkNTM2LThlMDctNDYzNi04MmE0LWM3MGJhMDI0YTIxZSJ9.5TNWiE6xaPPTkhv8IV7IzO9OWQ004D0uMw99iTnhAhY",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "f1a9d536-8e07-4636-82a4-c70ba024a21e",
"scope": "profile email"
}
Параметр «access_token» из ответа необходимо использовать в заголовке «Authorization» как токен авторизации для последующих запросов к защищенным endpoint, добавив перед полученным токеном «Bearer».
Пример запроса с токеном авторизации:
GET http://<gateway-host>/protected-resource
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmYjd1a0R3WUpGYV9MOEVoNmZSSVBMM1Zlam1yNGNyRmtBcWFKMVlPTlA4In0.eyJleHAiOjE2Njg2NTgyNjYsImlhdCI6MTY2ODY1NjQ2NiwianRpIjoiNDY2NGE4NGUtN2I0NS00NTYyLTg5NzYtMGQwZDgzYzA4N2Y1IiwiaXNzIjoiaHR0cDovLzE3Mi4yOS43My41OTo4MDgwL3JlYWxtcy9ESCIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiIwMzg5MGE4Yy01ZGJkLTQyN2YtOWFhMi1hNGZjZTdkYzg2ZDYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJkaC1jbGllbnQiLCJzZXNzaW9uX3N0YXRlIjoiZjFhOWQ1MzYtOGUwNy00NjM2LTgyYTQtYzcwYmEwMjRhMjFlIiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLWRoIiwiUk9MRV9VU0VSIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImRoLWNsaWVudCI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiIsImRoLWFkbWluIiwiZGgtdXNlciJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwic2lkIjoiZjFhOWQ1MzYtOGUwNy00NjM2LTgyYTQtYzcwYmEwMjRhMjFlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOlsiL2dyLXVzZXJzL2RoLXBvd2VyLXVzZXJzIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImRoLXVzZXIiLCJnaXZlbl9uYW1lIjoiIiwiZmFtaWx5X25hbWUiOiIifQ.AIU20H1lx-YWcJOwe41OxA5E0RN4N9s2sYW8HY_vU97T00KK0ruuhh573hPk2DvbURFJK7FkEubruXJafmisVJ4GS5emOoVyyOm4T47T5KY9GYy6kDW5faUbABt9DP_JhoesPuK33CEH0UGRcjAly5fHDPpanrorg5VPKnffsrxL7QL-_HC9fW_jG2ZKb7I1_8Ahm3Gp5UUkR7WN5S9u6zNWLc_jZk5v02fD0iiZtdjsbJ4PnVM3xNC-5s-p9EHnB8Rbg8SBoUKPix51zRmYAsLvdOU-jelUGUlez4DWkbzJ5UTc9R_UdMcRkz5nHv2xJRvjvqbihH9Hiz7NgVjMm