Pre-configured KeyCloak OpenID Connect server for testing.
set issuer, clientId in apps/webapp/src/environments/environment.ts
Copy auth: {
clientId : 'ngxweb' ,
issuer : 'http: //localhost:8080/auth/realms/ngx',
}
Copy # Start keycloak
docker-compose up keycloak
# Stop keycloak
docker-compose stop keycloak
# this will remove volume created by docker.
docker-compose down
# SSH into keycloak container
docker-compose exec keycloak sh
Do import config. (first time only...)
Copy # Environment variable. change as per your server setup
OIDC_ISSUER_URL = http://localhost:8080/auth/realms/ngx
OIDC_CLIENT = ngxweb
USERNAME = sumo
PASSWORD = demo
# get URLs
curl $OIDC_ISSUER_URL /.well-known/openid-configuration | jq .
#get certs
curl $OIDC_ISSUER_URL /protocol/openid-connect/certs | jq .
# Get tokens
response = $( curl -X POST $OIDC_ISSUER_URL /protocol/openid-connect/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d username= $USERNAME \
-d password= $PASSWORD \
-d client_id= $OIDC_CLIENT \
-d 'grant_type=password' \
-d 'scope=openid' )
access_token = $( echo $response | jq -r '.access_token' )
id_token = $( echo $response | jq -r '.id_token' )
refresh_token = $( echo $response | jq -r '.refresh_token' )
# Print tokens
echo $access_token
echo $id_token
echo $refresh_token
# Get User Profile
curl -X POST $OIDC_ISSUER_URL /protocol/openid-connect/userinfo \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "access_token=$access_token" | jq .
# Logout
curl -X POST $OIDC_ISSUER_URL /protocol/openid-connect/logout \
-H "Content-Type: application/x-www-form-urlencoded" \
-d client_id= $OIDC_CLIENT \
-d "refresh_token=$refresh_token" | jq .
Copy {
"jti" : "bcd8138f-cba9-49e4-a4fa-86f688ba2730" ,
"exp" : 1547688875 ,
"nbf" : 0 ,
"iat" : 1547688575 ,
"iss" : "http://localhost:8080/auth/realms/ngx" ,
"aud" : "ngxapi" ,
"sub" : "12c4ef1f-f4bd-451c-a435-ffc5daa1412c" ,
"typ" : "Bearer" ,
"azp" : "ngxweb" ,
"auth_time" : 0 ,
"session_state" : "92cc97ad-3be7-48e0-9ee9-4329b2a66f07" ,
"acr" : "1" ,
"allowed-origins" : [ "*" ] ,
"realm_access" : {
"roles" : [ "ROLE_USER" ]
} ,
"scope" : "openid email ngxapi_audience profile" ,
"email_verified" : true ,
"name" : "sumo1 ngx" ,
"preferred_username" : "sumo1" ,
"given_name" : "sumo1" ,
"family_name" : "ngx" ,
"email" : "sumo1@ngx.com"
}