keycloak
Open Source Identity and Access Management.
OIDC
OpenID Connect (OIDC) provides a simple identity layer on top of the OAuth 2.0 protocol, enabling Single Sign-On (SSO) and API access in one round trip. It brings the missing user authentication story and identity layer to OAuth.
Steps setup realm
1 cd /tmp
2 wget https://github.com/keycloak/keycloak/releases/download/14.0.0/keycloak-14.0.0.zip
3 unzip -t keycloak-14.0.0.zip
4 unzip keycloak-14.0.0.zip
5 cd ~/tmp/keycloak-14.0.0/bin
6 sh standalone.sh
7 http://localhost:8080/auth
8 # admin admin admin create
9 # http://localhost:8080/auth/admin/master/console/#/realms/master
10 # Master, add realm, MyRealm , create
11 # Users, add user, myuser
12 # select user, credentials, mypwd mypwd, temporary off
13 # Add role USER to MyRealm
14 # Make user myuser have role USER
15 # signout
16 # http://localhost:8080/auth/realms/MyRealm/account/
17 # realm: MyRealm
18 # user pwd: myuser mypwd
19 # client id: curl_confidential
20 # protocol: openid-connect
21 # Curl_confidential settings: access-type confidential
22 # valid redirect url http://localhost:8080
23 # tab credentials: regenerate secret 6dfe5f84-d115-4d3e-8a56-a0fcf5b2f13e
24 curl -d 'client_id=curl_confidential' -d 'client_secret=6dfe5f84-d115-4d3e-8a56-a0fcf5b2f13e' -d 'username=myuser' -d 'password=mypwd' -d 'grant_type=password' 'http://localhost:8080/auth/realms/MyRealm/protocol/openid-connect/token'