Keycloak: After logout, the logout session NOT active - session

I have to implement biometric authorization which is based on our current Keycloak(SSO) system.
So I tried to create a long-lived refresh token which is activated even when I logout.
Here is curl:
curl --location --request POST
'http://localhost:8089/auth/realms/EXTERNAL/protocol/openid-connect/token?prompt=consent&scope=offline_access'
--header 'Content-Type: application/x-www-form-urlencoded'
--header 'prompt: consent'
--header 'scope: offline_access'
--data-urlencode 'client_id=client-credential'
--data-urlencode 'refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4NGRkZDM1OC1kMDFjLTRjODQtYmE2OC00ODA1MzVlNmM5OWIifQ.eyJleHAiOjE2NTY5MDY5NDQsImlhdCI6MTY1Njg5OTc0NCwianRpIjoiMTkzM2IxNzktOWQxMC00ODI5LTlkY2EtZGRiNGM5ZGM1YzY0IiwiaXNzIjoiaHR0cHM6Ly9kZXYtaWQuc2FmaW4udm4vYXV0aC9yZWFsbXMvRVhURVJOQUwiLCJhdWQiOiJodHRwczovL2Rldi1pZC5zYWZpbi52bi9hdXRoL3JlYWxtcy9FWFRFUk5BTCIsInN1YiI6ImZkMTY3NWVjLWY5YjgtNDRjMS04Yjk5LWJlOTU2M2Y2NTgyMiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJjbGllbnQtY3JlZGVudGlhbCIsInNlc3Npb25fc3RhdGUiOiI2NDExYzQ2ZC1hMGVmLTRiMDEtOTU0Yi00ZTU4ZTE5Mjc2ZDAiLCJzY29wZSI6ImVtYWlsIHByb2ZpbGUiLCJzaWQiOiI2NDExYzQ2ZC1hMGVmLTRiMDEtOTU0Yi00ZTU4ZTE5Mjc2ZDAifQ.c3ZdvnrG_Y3nuHKIWUGqo-beN-S5MNE-Ywufqym2D54'
--data-urlencode 'grant_type=refresh_token'
--data-urlencode 'scope=offline_access'
--data-urlencode 'client_secret=58f28165-1553-4543-9c66-c2e8c65fexxx'
But I received: "Session not active"
How can I fix that problem?

Related

pinterest access token giving error authentication failed

I using below command to get access token
curl -X POST https://api.pinterest.com/v5/oauth/token
--header 'Authorization: Basic {base64 encoded string made of client_id:client_secret}'
--header 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'grant_type=authorization_code'
--data-urlencode 'code={YOUR_CODE}'
--data-urlencode 'redirect_uri=http://localhost/'
I am getting
{"code":2,"message":"Authentication failed."}
client_id and secret are correct. Any pointers will be helpful.
Regards,
Rita

Send HTTP POST request to InfluxDB manually with browser

Hello,
I'm currently using grafana to visualize data from InfluxDB, and would like to use a hyperlink in form of a HTTP request from a dashboard to insert data into the database.
Is something like this possible?
This is possible.
In InfluxDB v1.X, you could do:
curl -i -XPOST 'http://localhost:8086/write?db=mydb' --data-binary 'cpu_load_short,host=server01,region=us-west value=0.64 1434055562000000000'
In InfluxDB v2.X, you could do:
curl --request POST \
"http://localhost:8086/api/v2/write?
org=YOUR_ORG&bucket=YOUR_BUCKET&precision=ns" \
--header "Authorization: Token YOUR_API_TOKEN" \
--header "Content-Type: text/plain; charset=utf-8" \
--header "Accept: application/json" \
--data-binary '
airSensors,sensor_id=TLM0201 temperature=73.97038159354763,humidity=35.23103248356096,co=0.48445310567793615 1630424257000000000
airSensors,sensor_id=TLM0202 temperature=75.30007505999716,humidity=35.651929918691714,co=0.5141876544505826 1630424257000000000
'
See more details here and there.

How to use Bash command line to curl an API with token and payload as parameters

I am novice and first timer to bash. Trying to run bash under command line to invoke an API, by passing token and payload received from two different APIs and are set as parameters. Below is my command. I am trying to add this bash script to a task in AzureBatch service job.
It has 3 curl requests,
First one (Line#1 in the code snippet below)- gets payload by
calling an API. ---- This is working fine, I am able to verify the
payload using the echo statement following the first curl command.
Second one(Line#3 in the code snippet below) - gets token by
calling the token provider ----- This is working fine as well,
verified using the echo statement.
Third one (Line#5 in the code snippet below),This is the problematic command. I am trying to pass the token and payload received from the above two commands and the curl is not able to resolve them.
both token and payload or not resolving to their values..
My Bash COmmand
/bin/bash -c
"payload=$(curl --location --request GET 'http://url/OutreachData')
&& echo -e \"The value of payload is: "'$payload'"\"
&& token=$(curl --location --request POST 'https://login.microsoftonline.com/<<tenantId>>/oauth2/v2.0/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=<<clientId>>' --data-urlencode 'scope=api://<<applicationId>>/.default' --data-urlencode 'client_secret=<<clientSecret>>' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'Audience=api://<<applicationId>>'|jq -j '.access_token')
&& echo -e \"value of token is "'$token'"\n\"
&& result=$(curl --location --request POST 'https://url/api/<<Resource>>' --header 'accept: */*' --header 'Content-Type: application/json' --header 'Authorization: Bearer '"'$token'" --data-raw "'$payload'")
&& echo -e \"Result is "'$result'"\""
This is how the third Curl is resolving to, payload and token are not getting replaced as we can see in the authorization header and data-raw elements
++ curl --location --request POST https://url/api/ --header 'accept: /' --header 'Content-Type: application/json' --header 'Authorization: Bearer ' --data-raw ''''''''
There should be no need to explicitly run this with bash -c unless you are in a very constrained environment where you simply cannot run Bash by any other means.
The immediate problem is that code like
bash -c "echo "'$token'" && true"
ends up with $token being single-quoted in the shell which you run bash -c from. But the blazingly obvious fix is to not have this complex quoting in the first place.
payload=$(curl --location --request GET 'http://url/OutreachData')
echo "The value of payload is: '$payload'"
token=$(curl --location --request POST \
'https://login.microsoftonline.com/<<tenantId>>/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<<clientId>>' \
--data-urlencode 'scope=api://<<applicationId>>/.default' \
--data-urlencode 'client_secret=<<clientSecret>>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'Audience=api://<<applicationId>>' |
jq -j '.access_token')
echo "value of token is "'$token'"
result=$(curl --location --request POST \
'https://url/api/<<Resource>>' --header 'accept: */*' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer '"$token" \
--data-raw "$payload")
echo "Result is "'$result'"
If your current shell is not Bash and you need these commands to be run in Bash, a simpler workaround is to put the script in a here document, which drastically simplifies the quoting needs (or if this is in an interactive session, just run bash and run these commands at the interactive Bash prompt, then exit when you no longer want to be in Bash).

How to write output of looped curl command to file

I want to run a curl command every few seconds on a loop and I want the output to be written to a file (appending not overwriting each time it runs). I have to also run it from the CLI
Curl command is like below
curl --location --request POST 'https://api.website.com/Auth/token'
--header 'Content-Type: application/x-www-form-urlencoded'
--header 'Cookie: blablabla'
--data-urlencode 'grant_type=password'
--data-urlencode 'username=username'
--data-urlencode 'password=password
I tried adding a while true; do sleep 2 && at the beginning and > file.txt to output at the end but its not working. I'm sure its probably simple but I'm not very good with bash so any help would be great
You can do this:
while :; do
curl --location --request POST 'https://api.website.com/Auth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: blablabla' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=username' \
--data-urlencode 'password=password'
sleep 2 || break
done >> file.txt

How to add user attribute values to token when impersonating in Keycloak

I am trying to impersonate a user (tony123) using a superadmin(superadmin). The steps I am following are as follows.
Get access token for superadmin as below.
curl --location --request POST 'http://localhost:8180/auth/realms/tenant/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=superadmin' \
--data-urlencode 'password=<superadmin-password>' \
--data-urlencode 'client_id=<source-client-id>' \
--data-urlencode 'client_secret=<source-client-secret>'
With the above token, I am getting the impersonated user's (tony123) token as follows.
curl --location --request POST 'http://localhost:8180/auth/realms/tenant/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<source-client-id>' \
--data-urlencode 'client_secret=<source-client-secret>' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'subject_token=<access token got in step one>' \
--data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token' \
--data-urlencode 'requested_subject=<user id of tony123>'
I am able to get the correct impersonate token by following the above two steps. This impersonate token only contains preferred_username and email attributes of tony123 in the token. I would like to further customise the impersonate token by adding some phone_number from the user attributes map. I am unable to do so.
I tried adding a mapper for phone_number in the source-client in Keycloak admin. This was an unsuccessful attempt. How to achieve this?
First you create your custom attributes then in client mappers, add Token Mapper with User Attribute type.
Take a look at this page.

Resources