Create users in keycloak in his realm in PHP.
I created myself in the interface admin a realm which is named "myreal", then I created a user who is named "Myuser".
I would like my "Myuser" user to be able to create other users in his realm.
For that I did like this:
$response = $client->request('POST', 'http://localhost:8080/auth/admin/realms/myrealm/users', [
'headers' => [
'Content-Type' => 'application/json',
'Authorization' => 'Bearer '.$accessToken->getToken(),
'form_params' => [
'username' => 'test',
],
],
]);
$accessToken -> it's the token of "Myuser".
My user has the client role "realm-management" with Assigned Roles -> manage-users
I have as a return an error:
Client error: `GET http://localhost:8080/auth/admin/realms/myrealm/users` resulted in a `403 Forbidden` response
Related
Below is a POST method that will generate an API Key
Controller:
public function index(Request $request)
{
$response = Http::post('ENDPOINT', [
'Username' => 'ADMIN',
'Password' => 'ADMIN',
'Token' => 'TEF53...',
]);
And the next method (POST) will create new data and use the above response as an API Key
$response2 = Http::withHeaders([
'Accept' => 'application/json',
])->post('ENDPOINT', [
'body' => [
"DocKey" => 11223333355,
...
]
]);
return json_decode($response2);
}
But in this case i am getting an error:
Message "Authorization has been denied for this request."
The reason is the API Key isn't provided in the previous POST method
where can i place the generated API Key from the first method in the second method?
More clarification:
When i test the second method ($response2) in Postman, I need to provide the generated API Key from the first method ($response) as shown below:
https://i.stack.imgur.com/TOp1b.png
How can i add the above (Type API Key and its parameters)?
Looks like
$response2 = Http::withHeaders([
'Accept' => 'application/json',
'Authorization' => 'eyJ...', // provide apiKey here
])->post...
I am trying to connect to an oauth2 system using guzzle but I keep getting this message:
$guzzle = new GuzzleHttp\Client;
$response = $guzzle->post('https://logincert.anaf.ro/anaf-oauth2/v1/authorize', [
'form_params' => [
'grant_type' => 'authorization_code',
'response_type' => 'token',
'client_id' => 'xxxx',
'client_secret' => 'xxxxx',
'redirect_uri' => 'http://redirect'
],
]);
return json_decode((string) $response->getBody(), true)['access_token'];
{
"error":"invalid_client",
"error_description":"The client app does not support implicit grant"
}
The provider doesn't provide much information about the returned message, the only information that they provide are:
Type: OAuth 2.0
Add Authorization Data to: Request Headers
Grant Type: Authorization Code
Callback URL: http://redirect
Authorization Endpoint: https://logincert.anaf.ro/anaf-oauth2/v1/authorize
Token Endpoint: https://logincert.anaf.ro/anaf-oauth2/v1/token
Token Revocation Endpoint: https://logincert.anaf.ro/anaf-oauth2/v1/revoke
Client ID: xxx
Client Secret: xxx
Client Authentication type: Send as Basic Auth header
Any ideas what am I doing wrong?
Thanks,
Chris
I try to get a list of messages from the currently logged in user. I am using Guzzle client to make a request. Unfortunately I don't quite understand the Google docs about the API.
This is what I have so far:
$client = new Client;
$headers = [
'content-type' => 'application/json',
'Authorization' => 'Bearer '.$token->access_token
];
$params = [
'maxResults' => 10,
'client_id' => config('gmail.clientId'),
'client_secret' => config('gmail.clientSecret'),
];
$response = $client->get('https://www.googleapis.com/gmail/v1/users/me/messages', [
$headers,
$params
]);
With this code I receive a message "Error 401 - Login Required". How can I achieve this? In my application every user is connected to their own Gmail account. The access_tokens are saved in a database.
I'm not sure about the Google API that you are using, but you definitely have a Guzzle-related mistake:
$response = $client->get('https://www.googleapis.com/gmail/v1/users/me/messages', [
'headers' => $headers,
'query' => $params,
]);
Also according to the docs, you don't need to supply client_id and client_secret upon every request. Take a look at Google's official auth lib for PHP, or/and at the complete SDK.
i am used aweber api in add subscriber and OAuth 2.0 Examples usign php
require_once('aweber_api/aweber_api.php');
$body = [
'ad_tracking' => 'ebook',
'custom_fields' => [
'apple' => 'fuji',
'pear' => 'bosc'
],
'email' => 'anand#gmail.com',
'ip_address' => '192.168.1.1',
'last_followup_message_number_sent' => 0,
'misc_notes' => 'string',
'name' => 'Anand',
'strict_custom_fields' => 'true',
'tags' => [
'slow',
'fast',
'lightspeed'
]
];
$headers = [
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'User-Agent' => 'AWeber-PHP-code-sample/1.0'
];
$listId='myid';
$accountId='myid';
$url = "https://api.aweber.com/1.0/accounts/{$accountId}/lists/{$listId}/subscribers";
$response = $client->post($url, ['json' => $body, 'headers' => $headers]);
echo $response->getHeader('Location')[0];
Error Code :
Notice: Undefined variable: client in D:\xampp\htdocs\Aweber\index.php on line 30
Fatal error: Uncaught Error: Call to a member function post() on null in D:\xampp\htdocs\Aweber\index.php:30 Stack trace: #0 {main} thrown in D:\xampp\htdocs\Aweber\index.php on line 30
The AWeber examples make use of a third party HTTP client for PHP called Guzzle. You need to set up the client first before you'll be able to use it. You can see an example of this in the code examples on AWeber's GitHub here:
https://github.com/aweber/public-api-examples/blob/ea87b1f504cb97d9081a9ea9c8737ae9fd8838e3/php/manage-subscriber
Note the call to create the client:
// Create a Guzzle client
$client = new GuzzleHttp\Client();
Documentation for Guzzle can be found here:
http://docs.guzzlephp.org/en/stable/
It also looks like you're missing the authorization header. When you make the API call it will fail unless you include your access token in the header, so don't forget that part! You can add it to your existing headers like so:
$headers = [
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'User-Agent' => 'AWeber-PHP-code-sample/1.0',
'Authorization' => 'Bearer ' . $accessToken
];
Where $accessToken is a variable you initialize with your token somewhere.
Hi I have a problem with send email to reset password. I using Keycloak 4.8. In documencation I found:
Send a update account email to the user An email contains a link the user can click to perform a set of required actions.
PUT /{realm}/users/{id}/execute-actions-email
And required params:
id, realm and actions.
I write method using Guzzle:
$client = new \GuzzleHttp\Client();
$response = $client->request('put', 'https://myserwerkeycloak.com/auth/admin/realms/testrealm/users/a98e...00d1/execute-actions-email', [
'headers' => [
'User-Agent' => $_SERVER['HTTP_USER_AGENT'],
'Content-Type' => 'application/json',
'Accept' => 'application/json'
],
'form_params' => [
json_encode([
'actions' => ['UPDATE_PASSWORD'],
])
]
]);
$response return 401 Unauthorized
So I added token:
'Authorization' => 'Bearer ' . $access_token,
No I have error 500:
local.ERROR: Server error: PUT
https://myserwerkeycloak.pl/auth/admin/realms/testrealm/users/a98e...00d1/execute-actions-email
resulted in a 500 Internal Server Error response
{"exception":"[object] (GuzzleHttp\Exception\ServerException(code:
500): Server error: PUT
https://myserwerkeycloak.pl/auth/admin/realms/testrealm/users/a98e...00d1/execute-actions-email
resulted in a 500 Internal Server Error response at
C:\xampp\htdocs\project\project\vendor\guzzlehttp\guzzle\src\Exception\RequestException.php:113)
But whe I wont generate $access_token I need using email and password, so it's not good resolve because I click 'forgot password, send email...'
How I can used execute-actions-email without authorization ?