KEYCLOAK-2475
Move client registration endpoints
This commit is contained in:
parent
8ed1677249
commit
77912b2117
5 changed files with 17 additions and 11 deletions
|
@ -107,6 +107,12 @@
|
|||
(via the subsystem, or auth-method in web.xml
|
||||
</para>
|
||||
</simplesect>
|
||||
<simplesect>
|
||||
<title>Client Registration service endpoints moved</title>
|
||||
<para>
|
||||
The Client Registration service endpoints have been moved from <literal>{realm}/clients</literal> to <literal>{realm}/clients-registrations</literal>.
|
||||
</para>
|
||||
</simplesect>
|
||||
<simplesect>
|
||||
<title>Deprecated OpenID Connect endpoints</title>
|
||||
<para>
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
<para>
|
||||
The Client Registration Service provides built-in support for Keycloak Client Representations, OpenID Connect
|
||||
Client Meta Data and SAML Entity Descriptors. It's also possible to plugin custom client registration providers
|
||||
if required. The Client Registration Service endpoint is <literal><KEYCLOAK URL>/realms/<realm>/clients/<provider></literal>.
|
||||
if required. The Client Registration Service endpoint is <literal><KEYCLOAK URL>/realms/<realm>/clients-registrations/<provider></literal>.
|
||||
</para>
|
||||
<para>
|
||||
The built-in supported <literal>providers</literal> are:
|
||||
|
@ -123,23 +123,23 @@ Authorization: bearer eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJmMjJmNzQyYy04ZjNlLTQ2M....
|
|||
</para>
|
||||
<para>
|
||||
To create a client create a Client Representation (JSON) then do a HTTP POST to:
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients/default</literal>. It will return a Client Representation
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients-registrations/default</literal>. It will return a Client Representation
|
||||
that also includes the registration access token. You should save the registration access token somewhere
|
||||
if you want to retrieve the config, update or delete the client later.
|
||||
</para>
|
||||
<para>
|
||||
To retrieve the Client Representation then do a HTTP GET to:
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients/default/<client id></literal>. It will also
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients-registrations/default/<client id></literal>. It will also
|
||||
return a new registration access token.
|
||||
</para>
|
||||
<para>
|
||||
To update the Client Representation then do a HTTP PUT to with the updated Client Representation to:
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients/default/<client id></literal>. It will also
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients-registrations/default/<client id></literal>. It will also
|
||||
return a new registration access token.
|
||||
</para>
|
||||
<para>
|
||||
To delete the Client Representation then do a HTTP DELETE to:
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients/default/<client id></literal>
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients-registrations/default/<client id></literal>
|
||||
</para>
|
||||
</section>
|
||||
|
||||
|
@ -155,7 +155,7 @@ Authorization: basic BASE64(client-id + ':' + client-secret)
|
|||
</para>
|
||||
<para>
|
||||
To retrieve the Adapter Configuration then do a HTTP GET to:
|
||||
<literal><KEYCLOAK URL>//realms/<realm>/clients/installation/<client id></literal>
|
||||
<literal><KEYCLOAK URL>//realms/<realm>/clients-registrations/installation/<client id></literal>
|
||||
</para>
|
||||
<para>
|
||||
No authentication is required for public clients. This means that for the JavaScript adapter you can
|
||||
|
@ -172,7 +172,7 @@ Authorization: basic BASE64(client-id + ':' + client-secret)
|
|||
</para>
|
||||
<para>
|
||||
The endpoint to use these specifications to register clients in Keycloak is:
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients/oidc[/<client id>]</literal>.
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients-registrations/oidc[/<client id>]</literal>.
|
||||
</para>
|
||||
<para>
|
||||
This endpoints can also be found in the OpenID Connect Discovery endpoint for the realm:
|
||||
|
@ -190,7 +190,7 @@ Authorization: basic BASE64(client-id + ':' + client-secret)
|
|||
</para>
|
||||
<para>
|
||||
To create a client do a HTTP POST with the SAML Entity Descriptor to:
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients/saml2-entity-descriptor</literal>.
|
||||
<literal><KEYCLOAK URL>/realms/<realm>/clients-registrations/saml2-entity-descriptor</literal>.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
|
|
|
@ -177,7 +177,7 @@ public class ClientRegistration {
|
|||
}
|
||||
|
||||
public ClientRegistrationBuilder url(String authUrl, String realm) {
|
||||
url = HttpUtil.getUrl(authUrl, "realms", realm, "clients");
|
||||
url = HttpUtil.getUrl(authUrl, "realms", realm, "clients-registrations");
|
||||
return this;
|
||||
}
|
||||
|
||||
|
|
|
@ -17,11 +17,11 @@
|
|||
|
||||
package org.keycloak.services.clientregistration;
|
||||
|
||||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.events.EventBuilder;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.services.ErrorResponseException;
|
||||
|
||||
import javax.ws.rs.NotFoundException;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.PathParam;
|
||||
import javax.ws.rs.core.Context;
|
||||
|
|
|
@ -131,7 +131,7 @@ public class RealmsResource {
|
|||
return service;
|
||||
}
|
||||
|
||||
@Path("{realm}/clients")
|
||||
@Path("{realm}/clients-registrations")
|
||||
public ClientRegistrationService getClientsService(final @PathParam("realm") String name) {
|
||||
RealmModel realm = init(name);
|
||||
EventBuilder event = new EventBuilder(realm, session, clientConnection);
|
||||
|
|
Loading…
Reference in a new issue