Making simple calls complicated to make them simple again.
-
I posted last week[^] about how I was developing a new component which is intended to help you interact with, and administer Keycloak instances. The first operation in Keycloak is the ability to generate an access token for a user; this capability lies at the heart of pretty much every operation. Now, if I were doing this via curl, this would be the command I would issue.
curl \
-d "client_id=admin-cli" \
-d "username=admin" \
-d "password=password" \
-d "grant_type=password" \
"http://localhost:8080/realms/master/protocol/openid-connect/token"All very straightforward, but I want to provide code access to the APIs. Right now, to do the same thing, I have a large number of classes, but the simplicity I was talking about last week allows me to write minimal APIs that look like this.
using Keycloak.Core.Authentication;
using Keycloak.Core.Models;
using Keycloak.Core.Options;
using Microsoft.Extensions.Options;var builder = WebApplication.CreateBuilder(args);
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddHttpClient();
builder.Services.AddOptions<KeycloakConnectionOptions>()
.BindConfiguration("keycloak").
ValidateDataAnnotations().
ValidateOnStart();builder.Services.AddTransient<Authorize>();
builder.Services.AddSingleton(r => r.GetRequiredService<IOptions<KeycloakConnectionOptions>>().Value);
var app = builder.Build();app.MapGet("/", () => "Hello World");
app.MapGet("/token", async (Authorize authorize) =>
{
var options = builder.Configuration.GetSection("keycloak").Get<KeycloakConnectionOptions>();
Token token = await authorize.GetAccessToken(options, "CP", "Master");
return Results.Ok(token);
});app.Run();
Behind this, I have a really simple JSON structure:
"keycloak": {
"AuthorizationServerUrl": "http://localhost:8080/",
"Realms": [{
"Key": "CP",
"Realm": "CP",
"SslRequired": "External",
"Resource": "CP-Test",
"AuthenticationOptions": [{
"Key": "Master",
"AuthenticationType": "Password",
"Password": {
"Username": "peter",
"Password": "peter"
}
}]
}]
}I love simplicity and I love that fast iterations allow me to turn the code around really quickly, including valida
This post and all of @code-witch posts make me feel like am a fraud at my work place.
"Coming soon"
-
This post and all of @code-witch posts make me feel like am a fraud at my work place.
"Coming soon"
-
Part of me liked this post because I didn't understand any of it, and it helps remind me of how half my discussions come off to others. :laugh:
To err is human. Fortune favors the monsters.
Can relate. Was a temporary math teacher at one point :)
-
This post and all of @code-witch posts make me feel like am a fraud at my work place.
"Coming soon"
If it makes you feel better, I didn't understand the OP either. :-D
To err is human. Fortune favors the monsters.
-
This post and all of @code-witch posts make me feel like am a fraud at my work place.
"Coming soon"
What does it make me if I understand Pete's post completely and almost all of Honey's posts? On second thought, don't answer that question. :sigh:
-
I posted last week[^] about how I was developing a new component which is intended to help you interact with, and administer Keycloak instances. The first operation in Keycloak is the ability to generate an access token for a user; this capability lies at the heart of pretty much every operation. Now, if I were doing this via curl, this would be the command I would issue.
curl \
-d "client_id=admin-cli" \
-d "username=admin" \
-d "password=password" \
-d "grant_type=password" \
"http://localhost:8080/realms/master/protocol/openid-connect/token"All very straightforward, but I want to provide code access to the APIs. Right now, to do the same thing, I have a large number of classes, but the simplicity I was talking about last week allows me to write minimal APIs that look like this.
using Keycloak.Core.Authentication;
using Keycloak.Core.Models;
using Keycloak.Core.Options;
using Microsoft.Extensions.Options;var builder = WebApplication.CreateBuilder(args);
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddHttpClient();
builder.Services.AddOptions<KeycloakConnectionOptions>()
.BindConfiguration("keycloak").
ValidateDataAnnotations().
ValidateOnStart();builder.Services.AddTransient<Authorize>();
builder.Services.AddSingleton(r => r.GetRequiredService<IOptions<KeycloakConnectionOptions>>().Value);
var app = builder.Build();app.MapGet("/", () => "Hello World");
app.MapGet("/token", async (Authorize authorize) =>
{
var options = builder.Configuration.GetSection("keycloak").Get<KeycloakConnectionOptions>();
Token token = await authorize.GetAccessToken(options, "CP", "Master");
return Results.Ok(token);
});app.Run();
Behind this, I have a really simple JSON structure:
"keycloak": {
"AuthorizationServerUrl": "http://localhost:8080/",
"Realms": [{
"Key": "CP",
"Realm": "CP",
"SslRequired": "External",
"Resource": "CP-Test",
"AuthenticationOptions": [{
"Key": "Master",
"AuthenticationType": "Password",
"Password": {
"Username": "peter",
"Password": "peter"
}
}]
}]
}I love simplicity and I love that fast iterations allow me to turn the code around really quickly, including valida
Pete O'Hanlon wrote:
Behind this, I have a really simple JSON structure:
What happens when the json is missing the 'AuthorizationServerUrl' completely? Or it has been incorrectly entered and is not a valid url? What happens if the password is wrong or expired?
-
Pete O'Hanlon wrote:
Behind this, I have a really simple JSON structure:
What happens when the json is missing the 'AuthorizationServerUrl' completely? Or it has been incorrectly entered and is not a valid url? What happens if the password is wrong or expired?
The options are validated to make sure the values are supplied. There's a lot of validation in here, and a lot more coming. This isn't just dump and throw. That's what is happening in the ValidateDataAnnotations part.
-
I posted last week[^] about how I was developing a new component which is intended to help you interact with, and administer Keycloak instances. The first operation in Keycloak is the ability to generate an access token for a user; this capability lies at the heart of pretty much every operation. Now, if I were doing this via curl, this would be the command I would issue.
curl \
-d "client_id=admin-cli" \
-d "username=admin" \
-d "password=password" \
-d "grant_type=password" \
"http://localhost:8080/realms/master/protocol/openid-connect/token"All very straightforward, but I want to provide code access to the APIs. Right now, to do the same thing, I have a large number of classes, but the simplicity I was talking about last week allows me to write minimal APIs that look like this.
using Keycloak.Core.Authentication;
using Keycloak.Core.Models;
using Keycloak.Core.Options;
using Microsoft.Extensions.Options;var builder = WebApplication.CreateBuilder(args);
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddHttpClient();
builder.Services.AddOptions<KeycloakConnectionOptions>()
.BindConfiguration("keycloak").
ValidateDataAnnotations().
ValidateOnStart();builder.Services.AddTransient<Authorize>();
builder.Services.AddSingleton(r => r.GetRequiredService<IOptions<KeycloakConnectionOptions>>().Value);
var app = builder.Build();app.MapGet("/", () => "Hello World");
app.MapGet("/token", async (Authorize authorize) =>
{
var options = builder.Configuration.GetSection("keycloak").Get<KeycloakConnectionOptions>();
Token token = await authorize.GetAccessToken(options, "CP", "Master");
return Results.Ok(token);
});app.Run();
Behind this, I have a really simple JSON structure:
"keycloak": {
"AuthorizationServerUrl": "http://localhost:8080/",
"Realms": [{
"Key": "CP",
"Realm": "CP",
"SslRequired": "External",
"Resource": "CP-Test",
"AuthenticationOptions": [{
"Key": "Master",
"AuthenticationType": "Password",
"Password": {
"Username": "peter",
"Password": "peter"
}
}]
}]
}I love simplicity and I love that fast iterations allow me to turn the code around really quickly, including valida
-
I posted last week[^] about how I was developing a new component which is intended to help you interact with, and administer Keycloak instances. The first operation in Keycloak is the ability to generate an access token for a user; this capability lies at the heart of pretty much every operation. Now, if I were doing this via curl, this would be the command I would issue.
curl \
-d "client_id=admin-cli" \
-d "username=admin" \
-d "password=password" \
-d "grant_type=password" \
"http://localhost:8080/realms/master/protocol/openid-connect/token"All very straightforward, but I want to provide code access to the APIs. Right now, to do the same thing, I have a large number of classes, but the simplicity I was talking about last week allows me to write minimal APIs that look like this.
using Keycloak.Core.Authentication;
using Keycloak.Core.Models;
using Keycloak.Core.Options;
using Microsoft.Extensions.Options;var builder = WebApplication.CreateBuilder(args);
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddHttpClient();
builder.Services.AddOptions<KeycloakConnectionOptions>()
.BindConfiguration("keycloak").
ValidateDataAnnotations().
ValidateOnStart();builder.Services.AddTransient<Authorize>();
builder.Services.AddSingleton(r => r.GetRequiredService<IOptions<KeycloakConnectionOptions>>().Value);
var app = builder.Build();app.MapGet("/", () => "Hello World");
app.MapGet("/token", async (Authorize authorize) =>
{
var options = builder.Configuration.GetSection("keycloak").Get<KeycloakConnectionOptions>();
Token token = await authorize.GetAccessToken(options, "CP", "Master");
return Results.Ok(token);
});app.Run();
Behind this, I have a really simple JSON structure:
"keycloak": {
"AuthorizationServerUrl": "http://localhost:8080/",
"Realms": [{
"Key": "CP",
"Realm": "CP",
"SslRequired": "External",
"Resource": "CP-Test",
"AuthenticationOptions": [{
"Key": "Master",
"AuthenticationType": "Password",
"Password": {
"Username": "peter",
"Password": "peter"
}
}]
}]
}I love simplicity and I love that fast iterations allow me to turn the code around really quickly, including valida
-
I posted last week[^] about how I was developing a new component which is intended to help you interact with, and administer Keycloak instances. The first operation in Keycloak is the ability to generate an access token for a user; this capability lies at the heart of pretty much every operation. Now, if I were doing this via curl, this would be the command I would issue.
curl \
-d "client_id=admin-cli" \
-d "username=admin" \
-d "password=password" \
-d "grant_type=password" \
"http://localhost:8080/realms/master/protocol/openid-connect/token"All very straightforward, but I want to provide code access to the APIs. Right now, to do the same thing, I have a large number of classes, but the simplicity I was talking about last week allows me to write minimal APIs that look like this.
using Keycloak.Core.Authentication;
using Keycloak.Core.Models;
using Keycloak.Core.Options;
using Microsoft.Extensions.Options;var builder = WebApplication.CreateBuilder(args);
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddHttpClient();
builder.Services.AddOptions<KeycloakConnectionOptions>()
.BindConfiguration("keycloak").
ValidateDataAnnotations().
ValidateOnStart();builder.Services.AddTransient<Authorize>();
builder.Services.AddSingleton(r => r.GetRequiredService<IOptions<KeycloakConnectionOptions>>().Value);
var app = builder.Build();app.MapGet("/", () => "Hello World");
app.MapGet("/token", async (Authorize authorize) =>
{
var options = builder.Configuration.GetSection("keycloak").Get<KeycloakConnectionOptions>();
Token token = await authorize.GetAccessToken(options, "CP", "Master");
return Results.Ok(token);
});app.Run();
Behind this, I have a really simple JSON structure:
"keycloak": {
"AuthorizationServerUrl": "http://localhost:8080/",
"Realms": [{
"Key": "CP",
"Realm": "CP",
"SslRequired": "External",
"Resource": "CP-Test",
"AuthenticationOptions": [{
"Key": "Master",
"AuthenticationType": "Password",
"Password": {
"Username": "peter",
"Password": "peter"
}
}]
}]
}I love simplicity and I love that fast iterations allow me to turn the code around really quickly, including valida
var bs = builder.Services;
bs.Add...
etc."Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
-
Lost me in details. I see similarity of JSON and curl validations, but details flew right by. To be honest I don't what Keycloak is. I assume some sort of validation system.
"A little time, a little trouble, your better day" Badfinger
Yes, indeed ... it supports OAuth 2 scenarios for http endpoint protection ( [Keycloak](https://www.keycloak.org/) ), and it is an alternative for IS 4 ...
-
Yes, indeed ... it supports OAuth 2 scenarios for http endpoint protection ( [Keycloak](https://www.keycloak.org/) ), and it is an alternative for IS 4 ...
Thank you peterkm. I appreciate the info. Ask and you shall learn. BTW I do Worldle - Guess the Country![^] and today (Feb 15, 2023) is was Belgium. Extremely good beer for a Yankee like me.
"A little time, a little trouble, your better day" Badfinger
-
Very interesting :-), and I am curious about Keycloak.Core.... library. I guess this is work in progress (?)
-
Lost me in details. I see similarity of JSON and curl validations, but details flew right by. To be honest I don't what Keycloak is. I assume some sort of validation system.
"A little time, a little trouble, your better day" Badfinger
Keycloak is an identity and access management system. I find it to be easier to use than Identity Manager, and it has the benefit of being free. If you want user management that is easy to control, and that integrates with federated sources such as Facebook, Twitter, and Microsoft, this is the place to be.
-
Thank you peterkm. I appreciate the info. Ask and you shall learn. BTW I do Worldle - Guess the Country![^] and today (Feb 15, 2023) is was Belgium. Extremely good beer for a Yankee like me.
"A little time, a little trouble, your better day" Badfinger
Quote:
Extremely good beer for a Yankee like me.
Thanks for the recognition :-O ... all credits go to Belgian/Flemish monks :-) who created "Trappist Westmalle Dubbel", "Westvleteren", and some more ... Being careful is necessary as they are quite strong 8-9% or even more ...