KEYCLOAK - Using an HTTP/REST client in your custom extensions

January 11, 2024

Tags: #keycloak #httpclient #restclient

Back in the old days of legacy Wildfly-based Keycloak distributions, it was easy to use a custom HTTP- or REST-client, because Wildfly was (is) an application server and there is just a JAX-RS client available, in this case, the RESTEasyClient. With the switch to the Quarkus application framework as the foundation architecture, it was not that easy as with Wildfly, but on still could use the ResteasyClientBuilder and create a client instance. Now, starting with version 23 of Keycloak, also the ResteasyClientBuilder is no more able to be used.

📣 📣 📣 But there’s already a proper solution coming directly with Keycloak since the early days of this project! 🎉 And the also good news are, that this http client is already properly configured with the TLS certificates/truststores you configure to Keycloak! 🥳 And it’s completely managed by the Keycloak server. So there’s no need to create, instantiate and manage anything custom on your own!


If you are just in the need of an HTTP client, you can retrieve the client-provider from the session, an then get the client itself:

private KeycloakSession session;
HttpClient = session.getProvider(HttpClientProvider.class).getHttpClient()

The retrieved HttpClient is of type org.apache.http.impl.client.CloseableHttpClient. Although it is a closeable client, you MUST NOT close it on your own! It’s completely managed by Keycloak. If you close it in your custom code, Keycloak might (will) run into trouble!


For simple HTTP requests, you can also use the SimpleHttp class, which provides static methods for all HTTP methods. This SimpleHttp client can send JSON and Form requests and use BasicAuth and OAuth2 token auth on the requests. Responses can be checked for status codes and retrieve the body payload. Under the hood, the SimpleHttp methods are using the same HttpClient as mentioned above.

GET Example with OAuth2 Bearer token authentication:
Response response = SimpleHttp.doGet("https://hostname/path/to/resource", session).auth("tokenstring").asResponse();
POST Example with BasicAuth authentication:
int status = SimpleHttp.doPost("https://hostname/path/to/resource", session).authBasic("user", "pass").json(bodyEntity).asStatus();

➡️ See for more details.

So, there’s no need of anything else. You can just use the HttpClient or the SimpleHttp class to execute HTTP requests to other services and systems. 😎

Du bist auf der Suche nach Keycloak Beratung, Unterstützung, Workshops oder Trainings?

Nimm Kontakt mit mir auf!

« Keycloak Dev Day 2024 KEYCLOAK - Flushing and clear Realm and User Caches via Admin REST API »