Testing Secure Service Registry API

OAuth 2.0 has a bunch of Grant Types for different use cases. OpenID Connect and OAuth 2.0 provide following 4 major kinds of grant types which can be used with Red Hat SSO (Keycloak). While configuring each client, Keycloak provides options for enabling each of the above mentioned grant types as following table:

Grant Type	Keycloak Option
Authorization Code	Standard Flow Enabled
Client Credentials	Service Accounts Enabled
Resource Owner Password Credentials	Direct Access Grants Enabled
Implicit	Implicit Flow Enabled

Testing Service Registry API secured by Red Hat SSO is obviously that client must authenticate to Red Hat SSO (in case of OAuth) or Service Registry (in case of Basic Auth).

This section will show you how to call Service Registry API secured with OAuth (Client Credentials Grant Type. See create client with Client Credentials Grant Type) and Basic Auth using Postman. What you need to do in addition to calling unsecure API is configure the Authorization tab.

Call API secured with Basic Authentication

To call Service Registry APIs secured with Basic Authentication, you have to configure the Authorization tab as following:

• Type: Basic Auth

• Username: Client ID in Red Hat SSO

• Password: Client secret

Testing secure API

Call API secured with OAuth (Client Credentials Grant Type)

To call Service Registry APIs secured with OAuth, you have to configure the Authorization tab as following:

• Type: OAuth 2.0

• Grant Type: Client Credentials

• Access Token URL: Keycloak access token URL in this format: https://<KEYCLOAK_HOST>/auth/realms/<REALM>/registry/protocol/openid-connect/token. For example, https://keycloak.example.com/auth/realms/registry/protocol/openid-connect/token

• Client ID: Client ID in Red Hat SSO

• Client Secret: Client secret

Testing secure API