blob: 41880cb547032f29f4cf8077f12d4a6236c0ac44 [file] [log] [blame]
<?php
namespace Keycloak;
use Exception;
use Log;
class KeycloakUtil {
public static function getAPIAccessToken($base_endpoint_url, $realm, $admin_username, $admin_password, $verify_peer, $cafile_path) {
// http://www.keycloak.org/docs/2.5/server_development/topics/admin-rest-api.html
// curl -d client_id=admin-cli -d username=username \
// -d "password=password" -d grant_type=password https://149.165.156.62:8443/auth/realms/master/protocol/openid-connect/token
$r = curl_init($base_endpoint_url . '/realms/' . rawurlencode($realm) . '/protocol/openid-connect/token');
curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($r, CURLOPT_ENCODING, 1);
curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $verify_peer);
if($verify_peer && $cafile_path){
curl_setopt($r, CURLOPT_CAINFO, $cafile_path);
}
// Assemble POST parameters for the request.
$post_fields = "client_id=admin-cli&username=" . urlencode($admin_username) . "&password=" . urlencode($admin_password) . "&grant_type=password";
// Obtain and return the access token from the response.
curl_setopt($r, CURLOPT_POST, true);
curl_setopt($r, CURLOPT_POSTFIELDS, $post_fields);
$response = curl_exec($r);
if ($response == false) {
Log::error("Failed to retrieve API Access Token");
die("curl_exec() failed. Error: " . curl_error($r));
}
$result = json_decode($response);
// Log::debug("API Access Token result", array($result));
return $result->access_token;
}
}