Hi,
We have integrated Keycloak with WSO2 API gateway followed https://apim.docs.wso2.com/en/4.2.0/administer/key-managers/configure-keycloak-connector/ documentation.
We have another nodeJS application which is using Keycloak’s REST API calls for different operations like GET, POST, PUT etc. and the call routes through WSO2 to keycloak and it is working fine. Following is the mechanism we are following.
Steps:
An access token is generated using POST to http://:port/kt/1.0.0/realms/<keycloak_user_realm>/protocol/openid-connect/token URL where
WSO2 Basic Authorization header passed in parameter and grant_type is client_credentials as WSO2 is integrated using a client created in keycloak for WSO2 API gateway.
Then one more REST call with POST method to http://:port/kgt/1.0.0/realms/master/protocol/openid-connect/token URL where the access token generated in 1st step is passed as client-Authorization header bearer token and in body master user username, password and grant_type= password sent to generate another access token.
Now to get users we are doing one more REST API call with GET method to http://:port/kc/1.0.0/admin/realms/rch-realm-dev/users URL where we are sending both the access token generated in step 1 and step 2 where one is client-Authorization (generated in 1st step) and another is Authorization header bearer tokens for successful REST API operation.
The above solution is working fine while we are following above sequence and REST API request call is initiated from nodeJS application and routed through WSO2 API gateway and communicated to Keycloak Server and response is got in similar manner at nodeJS application.
Here we are using 2 bearer tokens in step 3 .
Can we have some different mechanism to achieve the same goal as described above using a single access token?
We need a single access (bearer) token throughout the request and response model for ease of access and maintenance point of view.
Please suggest/advise any solution available.
Thank you,
Regards,
Samarendra