更新时间:2023-12-01 08:12:34
我找到了解决方案. 要在不知道他人密码的情况下登录,请执行以下操作:
I found a solution. To login without knowing someone's password:
TOKEN_EXCHANGE
密钥斗篷功能.
我使用Laravel实现了步骤1-3,使用Keycloak API实现了步骤4-5:
Steps 1-3 I implemented with Laravel, steps 4-5 with Keycloak APIs:
public function loginByUserId(string $userId): SsoTokens
{
try {
$impersonatorData = $this->realmEndpoint->makeRequest(
HttpClientProvider::METHOD_POST,
self::KEYCLOAK_AUTH_URL,
[
'client_id' => config('services.keycloak.realm_client'),
'client_secret' => config('services.keycloak.realm_secret'),
'grant_type' => 'password',
'username' => config('services.keycloak.admin_username'),
'password' => config('services.keycloak.admin_password'),
'scope' => 'openid',
]
);
$data = $this->realmEndpoint->makeRequest(
HttpClientProvider::METHOD_POST,
self::KEYCLOAK_AUTH_URL,
[
'client_id' => config('services.keycloak.realm_client'),
'client_secret' => config('services.keycloak.realm_secret'),
'grant_type' => 'urn:ietf:params:oauth:grant-type:token-exchange',
'requested_subject' => $userId,
'subject_token' => $impersonatorData['access_token'],
'scope' => 'openid',
]
);
} catch (TransportUnauthorizedException $e) {
throw new UnauthorizedException($e);
} catch (HttpClientException $e) {
throw new TransportException($e);
}
return $this->extractTokens($data);
}