Keycloak authentication (is multitenant)
Authentication provider
The machine-to-machine concept is used here (machine calls machine): one system authenticates itself to another system with a client and a secret.
Change the port if necessary, and change the admin password.
# container image = quay.io/keycloak/keycloak:21.1.1
# command to start keycloak = start-dev
docker run --name keycloak -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:21.1.1 start-dev
- to access: localhost:8080
- access the Administration Console
- log in with the user and password, in this example admin and admin
- how to work with and configure Keycloak I will leave in a post here
- to authenticate as a user, a user must be registered in Keycloak
- the user must have the email verification button enabled
- inside the user, under credentials, there must be a registered password, set as permanent
- your client must not be in the “machine to machine” format, meaning Capability config off
- route: localhost:8080/realms/REALM_NAME/protocol/openid-connect/token
- for a machine-to-machine request, the request must contain:
  - x-www-form-urlencoded
  - client_id = CLIENT_NAME
  - client_secret = token
  - grant_type = client_credentials
- for a client password request, the request must contain:
  - x-www-form-urlencoded
  - grant_type = client_credentials
  - username = USER_NAME previously registered in Keycloak
  - password = YOUR SECRET PASSWORD previously registered in the user's credentials tab
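The machine-to-machine request described above, as an added Go example that is not part of this project's code. The helper names `FetchClientToken` and `stubTokenEndpoint`, the realm `demo`, and the client `demo-client` with secret `demo-secret` are assumptions; the stub server is a constructed stand-in for Keycloak so the example runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// FetchClientToken (hypothetical helper) posts the client_credentials form to the realm's token route.
func FetchClientToken(base, realm, clientID, clientSecret string) (string, error) {
	form := url.Values{"grant_type": {"client_credentials"}, "client_id": {clientID}, "client_secret": {clientSecret}}
	endpoint := base + "/realms/" + url.PathEscape(realm) + "/protocol/openid-connect/token"
	// PostForm sends the body as application/x-www-form-urlencoded; the timeout bounds a hung provider.
	resp, err := (&http.Client{Timeout: 10 * time.Second}).PostForm(endpoint, form)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	var body struct {
		AccessToken string `json:"access_token"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil || body.AccessToken == "" {
		return "", fmt.Errorf("no access_token in response (decode error: %v)", err)
	}
	return body.AccessToken, nil
}

// stubTokenEndpoint is a constructed stand-in for Keycloak (assumed realm, client and secret).
func stubTokenEndpoint() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/realms/demo/protocol/openid-connect/token" || r.PostFormValue("grant_type") != "client_credentials" ||
			r.PostFormValue("client_id") != "demo-client" || r.PostFormValue("client_secret") != "demo-secret" {
			http.Error(w, `{"error":"unauthorized_client"}`, http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, `{"access_token":"constructed-token","expires_in":300}`)
	}))
}

func main() {
	srv := stubTokenEndpoint()
	defer srv.Close()
	fmt.Println(FetchClientToken(srv.URL, "demo", "demo-client", "demo-secret"))
}
```

Against a real Keycloak, pass `http://localhost:8080` as `base` and read the client secret from the environment rather than from source.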
- rename your .env.example file to .env and add the necessary information
- with your Keycloak and database previously configured (user, etc.)
- start the API with go run cmd/api/main.go
- start the WORKER with go run cmd/worker/main.go
- access the routes with your preferred HTTP client, using the example below
# simple
go test ./...
# verbose
go test -v ./...
# coverage
go test ./... -coverprofile=coverfile
go tool cover -html="coverfile"