Chapter 2. Admin REST API

Procedure

1. Obtain an access token for user in the realm master with username admin and password password:

   curl \
     -d "client_id=admin-cli" \
     -d "username=admin" \
     -d "password=password" \
     -d "grant_type=password" \
     "http://localhost:8080/auth/realms/master/protocol/openid-connect/token"

   Copy to Clipboard Toggle word wrap
   Note

   By default this token expires in 1 minute

   The result will be a JSON document.

2. Invoke the API you need by extracting the value of the access_token property.

3. Invoke the API by including the value in the Authorization header of requests to the API.

   The following example shows how to get the details of the master realm:

   curl \
     -H "Authorization: bearer eyJhbGciOiJSUz..." \
     "http://localhost:8080/auth/admin/realms/master"

   Copy to Clipboard Toggle word wrap

Procedure

1. Make sure the client is configured as follows:

   • client_id is a confidential client that belongs to the realm master
   • client_id has Service Accounts Enabled option enabled

   • client_id has a custom "Audience" mapper

     • Included Client Audience: security-admin-console
2. Check that client_id has the role 'admin' assigned in the "Service Account Roles" tab.

3. Obtain an access token for the Admin REST API using client_id and client_secret:

   curl \
     -d "client_id=<YOUR_CLIENT_ID>" \
     -d "client_secret=<YOUR_CLIENT_SECRET>" \
     -d "grant_type=client_credentials" \
     "http://localhost:8080/auth/realms/master/protocol/openid-connect/token"

   Copy to Clipboard Toggle word wrap