REST Assured, get that damn access token!
I was recently playing around with quarkus and keycloak (using the openid-connect protocol) and I wanted to create an automated test for a protected resource
With curl you can get the access token like this
1export access_token=$(
2 curl --insecure -X POST yourKeycloakServerUrl/protocol/openid-connect/token
3 --user clientId:secret
4 -H 'content-type: application/x-www-form-urlencoded'
5 -d 'username=umberto&password=password&grant_type=password' | jq --raw-output '.access_token'
6)
And then use it for a protected resource as following
1curl -v -X GET http://localhost:8080/api/v1/users/umberto/articles -H "Authorization: Bearer "$access_token
With REST Assured you can get it in 12 easy steps :)
1String accessToken = given()
2 .auth()
3 .preemptive()
4 .basic(clientId, secret)
5 .header("Content-Type", "application/x-www-form-urlencoded")
6 .baseUri(serverUrl)
7 .body("username=umberto&password=password&grant_type=password")
8 .post("/protocol/openid-connect/token")
9 .then().extract().response().jsonPath().getString("access_token");
and if you are using quarkus with quarkus-oidc you can retrieve the config parameters as following
1@ConfigProperty(name="quarkus.oidc.auth-server-url")
2String serverUrl;
3
4@ConfigProperty(name="quarkus.oidc.client-id")
5String clientId;
6
7@ConfigProperty(name="quarkus.oidc.credentials.secret")
8String secret;