在使用Keycloak时,最需要了解的是well-known配置端点,它列出了与Keycloak中OpenID Connect实现相关的各个端点和其他配置选项。
在搭建Keycloak服务后,直接通过HTTP访问 http://47.106.160.xxx:8081/realms/ebs/.well-known/uma2-configuration(UMA 2.0的well-known配置),获取的JSON如下所示:
{
"issuer": "http://47.106.160.xxx:8081/realms/ebs",
"authorization_endpoint": "http://47.106.160.xxx:8081/realms/ebs/protocol/openid-connect/auth",
"token_endpoint": "http://47.106.160.xxx:8081/realms/ebs/protocol/openid-connect/token",
"introspection_endpoint": "http://47.106.160.xxx:8081/realms/ebs/protocol/openid-connect/token/introspect",
"end_session_endpoint": "http://47.106.160.xxx:8081/realms/ebs/protocol/openid-connect/logout",
"frontchannel_logout_session_supported": true,
"frontchannel_logout_supported": true,
"jwks_uri": "http://47.106.160.xxx:8081/realms/ebs/protocol/openid-connect/certs",
"grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "urn:openid:params:grant-type:ciba"],
"response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
"response_modes_supported": ["query", "fragment", "form_post", "query.jwt", "fragment.jwt", "form_post.jwt", "jwt"],
"registration_endpoint": "http://47.106.160.xxx:8081/realms/ebs/clients-registrations/openid-connect",
"token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt"],
"token_endpoint_auth_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
"scopes_supported": ["openid", "acr", "roles", "web-origins", "microprofile-jwt", "phone", "profile", "email", "offline_access", "address"],
"resource_registration_endpoint": "http://47.106.160.xxx:8081/realms/ebs/authz/protection/resource_set",
"permission_endpoint": "http://47.106.160.xxx:8081/realms/ebs/authz/protection/permission",
"policy_endpoint": "http://47.106.160.xxx:8081/realms/ebs/authz/protection/uma-policy"
}
在搭建反向代理后,访问:https://xxx.com/realms/ebs/.well-known/openid-configuration ,返回的issuer和各端点地址都变为反向代理对外的HTTPS域名(客户端校验令牌中的iss时,须与这里的issuer完全一致):
{
"issuer": "https://xxx.com/realms/ebs",
"authorization_endpoint": "https://xxx.com/realms/ebs/protocol/openid-connect/auth",
"token_endpoint": "https://xxx.com/realms/ebs/protocol/openid-connect/token",
"introspection_endpoint": "https://xxx.com/realms/ebs/protocol/openid-connect/token/introspect",
"userinfo_endpoint": "https://xxx.com