Keycloak direct grant by password or otp


How do I get an access token via API POST https://{mydomain}/realms/Resource/protocol/openid-connect/token by password or OTP (the FE will provide the appropriate param depending on what the user chose)?

I already configured the direct grant flow as shown below on Keycloak version 23.0.4

https://i.stack.imgur.com/wSUdC.png

Thank you!

More detail: the API returns 401 when I add the OTP step and set it to Alternative. If I disable OTP, it returns 200 (https://i.stack.imgur.com/Cu7xy.png)

1

There are 1 best solutions below

2
Eduardo On

The Keycloak direct grant flow supports otp as a param, which means that you have to send username, password, grant_type=password and otp with the number that was generated. Something like this:

curl -d "client_id=yourclient" \
    -d "client_secret=yourclientsecret" \
    -d "username=theUsername" \
    --data-urlencode  "password=thePassword" \
    -d "scope=openid" \
    -d "otp=113454" \
    -d "grant_type=password" \
    https://{mydomain}/realms/Resource/protocol/openid-connect/token
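
The same request body built in client code, as an added example that is not part of the original answer or of Keycloak itself: it sends `otp` only when the front end supplied a code, percent-encodes the password the way `--data-urlencode` does, and reads the token endpoint's reply without echoing the token. The function names, the 6 to 8 digit OTP check and both sample responses are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlencode

# Endpoint from the question; {mydomain} stays a placeholder.
TOKEN_URL = "https://{mydomain}/realms/Resource/protocol/openid-connect/token"

def build_direct_grant_form(client_id, client_secret, username, password, otp=None):
    """Return the x-www-form-urlencoded body for a password (direct) grant."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
        "scope": "openid",
    }
    if otp is not None:
        # Assumption: the realm's OTP policy uses 6 to 8 ASCII digits.
        if not re.fullmatch(r"[0-9]{6,8}", otp):
            raise ValueError("otp must be 6 to 8 digits")
        form["otp"] = otp
    # urlencode() escapes &, =, + and spaces, so a password containing them
    # cannot split or inject form fields.
    return urlencode(form)

def interpret_token_response(status, body):
    """Map HTTP status and JSON body to (ok, detail); never returns the token."""
    try:
        data = json.loads(body)
    except ValueError:
        return False, f"HTTP {status}: non-JSON body"
    if status == 200 and "access_token" in data:
        return True, f"token_type={data.get('token_type')} expires_in={data.get('expires_in')}"
    # OAuth 2.0 error responses carry "error" and "error_description" (RFC 6749, 5.2).
    return False, f"HTTP {status}: {data.get('error')} ({data.get('error_description')})"

# Constructed sample responses, not captured from a real server.
SAMPLE_401 = '{"error": "invalid_grant", "error_description": "Invalid user credentials"}'
SAMPLE_200 = '{"access_token": "constructed.sample.token", "token_type": "Bearer", "expires_in": 300}'

if __name__ == "__main__":
    print(build_direct_grant_form("yourclient", "yourclientsecret",
                                  "theUsername", "p&ss=w+rd 1", otp="113454"))
    print(interpret_token_response(401, SAMPLE_401))
    print(interpret_token_response(200, SAMPLE_200))
```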