This repository demonstrates how to use the Keycloak Go client gocloak to:

- Log in with a username and password and get access and refresh tokens from Keycloak
- Validate tokens in a Go gin-gonic middleware before the actual API handler runs
- Get user info from Keycloak using the access token
- Retrospect (introspect) a token using the gocloak client
- Log the user out and invalidate any tokens

Note: you might want to use Keycloak v17.0.0-legacy or lower, because of this bug in gocloak.
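As an added illustration (not code from the keycloak-go-demo repository), this is the token-validation step written against the Go standard library only: it posts the bearer token to Keycloak's introspection endpoint, which is what gocloak's RetrospectToken does for you, and wraps a plain net/http handler instead of a gin one so it runs without third-party modules. The type and function names are mine, and the introspection URL, client ID and client secret are assumed to be the values you put in `.env`.

```go
package main

import (
	"encoding/json"
	"net/http"
	"net/url"
	"strings"
)

// Introspector calls Keycloak's OIDC token introspection endpoint, the call gocloak's RetrospectToken wraps.
type Introspector struct {
	IntrospectURL string // <keycloak>/auth/realms/<realm>/protocol/openid-connect/token/introspect (legacy image path)
	ClientID      string // the confidential client created in the admin console (assumed to come from .env)
	ClientSecret  string // Credentials > Secret for that client (assumed to come from .env)
}

// TokenActive is true only while Keycloak still considers the token active: expired or logged-out tokens report false.
func (i Introspector) TokenActive(token string) (bool, error) {
	body := strings.NewReader(url.Values{"token": {token}}.Encode())
	req, err := http.NewRequest(http.MethodPost, i.IntrospectURL, body)
	if err != nil {
		return false, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(i.ClientID, i.ClientSecret) // the API authenticates itself to Keycloak; the user's password is never sent
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	var result struct{ Active bool `json:"active"` }
	err = json.NewDecoder(resp.Body).Decode(&result) // a non-JSON reply is an error; an error object decodes to active=false
	return err == nil && result.Active, err
}

// RequireActiveToken runs next only when the Authorization header carries a bearer token that introspects as active.
func RequireActiveToken(i Introspector, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		scheme, token, _ := strings.Cut(r.Header.Get("Authorization"), " ")
		if !strings.EqualFold(scheme, "Bearer") || token == "" {
			http.Error(w, "missing bearer token", http.StatusUnauthorized) // no round trip for malformed headers
			return
		}
		if active, err := i.TokenActive(token); err != nil || !active {
			http.Error(w, "token is not active", http.StatusUnauthorized) // expired, logged out, or Keycloak unreachable
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

Because the check is an introspection round trip rather than a local signature check, a token invalidated by `/auth/logout` is rejected immediately, which is what the final `/auth/status` step below verifies.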
- Run Keycloak locally with Docker:

```shell
docker run -d -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:17.0.0-legacy
# grab the ID of the container just created (-l = latest, -q = ID only)
export CONTAINER_ID=$(docker ps -lq)
docker exec $CONTAINER_ID /opt/jboss/keycloak/bin/add-user-keycloak.sh -u admin -p admin
docker restart $CONTAINER_ID
```
- Visit http://localhost:8080 and log in to the Keycloak admin console with `admin` as username and `admin` as password
- Clone the repository, then build and run the app:

```shell
git clone https://github.com/ksingh7/keycloak-go-demo.git
cd keycloak-go-demo/keycloak-go-app
go build . && ./keycloak-go-app
```
- Open your API client (Postman) and hit the health endpoint `http://localhost:8081/health` to check that the API is up and running
- To run Keycloak on OpenShift instead of Docker, create a new project `keycloak`
- Navigate to OperatorHub, search for `keycloak` and install it. Make sure the project is `keycloak`
- Once the `keycloak` operator installation is done, go to Installed Operators > `keycloak` > Create Instance, name your Keycloak instance and hit create
- Grab the Keycloak username and password:

```shell
oc get secret -n keycloak credential-keycloak-instance -o jsonpath="{.data.ADMIN_USERNAME}" | base64 --decode
oc get secret -n keycloak credential-keycloak-instance -o jsonpath="{.data.ADMIN_PASSWORD}" | base64 --decode
```

- Get the Keycloak UI route:

```shell
oc get route -n keycloak keycloak -o jsonpath="{.spec.host}"
```
- Create a new realm
- Create a user `user1` in the new realm
- Set the `user1` credential and disable temporary password
- Create a new client `my-go-servie` with:
  - Client Protocol: openid-connect
  - Access Type: Confidential
  - Valid Redirect URIs: http://localhost:8081
  - Credentials > Secret > Regenerate Secret
- Edit `.env` and update the environment variables for your setup
- Provide the username and password in the request body and hit `http://localhost:8081/login`:

```json
{
  "username": "user1",
  "password": "user1"
}
```

- Response: access token, refresh token, status
- Use the access token as Auth > Bearer Token in your next API call and hit `http://localhost:8081/auth/getQuote`
- Use the access token as Auth > Bearer Token in your next API call and hit `http://localhost:8081/auth/status`
- Use the access token as Auth > Bearer Token in your next API call and hit `http://localhost:8081/auth/logout`
- Verify that logout works by hitting `http://localhost:8081/auth/status` again. It should now throw an error