KEYCLOAK - Using an HTTP/REST client in your custom extensions
January 11, 2024
Tags: #keycloak #httpclient #restclient
Back in the old days of legacy Wildfly-based Keycloak distributions, it was easy to use a custom HTTP- or REST-client, because Wildfly was (is) an application server and there is just a JAX-RS client available, in this case, the RESTEasyClient
.
With the switch to the Quarkus application framework as the foundation architecture, it was not that easy as with Wildfly, but on still could use the ResteasyClientBuilder
and create a client instance.
Now, starting with version 23 of Keycloak, also the ResteasyClientBuilder
is no more able to be used.
📣 📣 📣 But there’s already a proper solution coming directly with Keycloak since the early days of this project! 🎉 And the also good news are, that this http client is already properly configured with the TLS certificates/truststores you configure to Keycloak! 🥳 And it’s completely managed by the Keycloak server. So there’s no need to create, instantiate and manage anything custom on your own!
HTTPClient
If you are just in the need of an HTTP client, you can retrieve the client-provider from the session, an then get the client itself:
private KeycloakSession session;
...
HttpClient = session.getProvider(HttpClientProvider.class).getHttpClient()
The retrieved HttpClient
is of type org.apache.http.impl.client.CloseableHttpClient
.
Although it is a closeable client, you MUST NOT close it on your own!
It’s completely managed by Keycloak.
If you close it in your custom code, Keycloak might (will) run into trouble!
SimpleHttp
For simple HTTP requests, you can also use the SimpleHttp
class, which provides static methods for all HTTP methods.
This SimpleHttp
client can send JSON
and Form
requests and use BasicAuth and OAuth2 token auth on the requests.
Responses can be checked for status codes and retrieve the body payload.
Under the hood, the SimpleHttp
methods are using the same HttpClient
as mentioned above.
GET
Example with OAuth2 Bearer token authentication:
Response response = SimpleHttp.doGet("https://hostname/path/to/resource", session).auth("tokenstring").asResponse();
POST
Example with BasicAuth authentication:
int status = SimpleHttp.doPost("https://hostname/path/to/resource", session).authBasic("user", "pass").json(bodyEntity).asStatus();
➡️ See org.keycloak.broker.provider.util.SimpleHttp
for more details.
So, there’s no need of anything else.
You can just use the HttpClient
or the SimpleHttp
class to execute HTTP requests to other services and systems. 😎
Du bist auf der Suche nach Keycloak Beratung, Unterstützung, Workshops oder Trainings?
Nimm Kontakt mit mir auf!« Keycloak Dev Day 2024 KEYCLOAK - Flushing and clear Realm and User Caches via Admin REST API »