Fetch access token from the EGL RUI
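This section explains how to securely fetch an access token (JWT) from Keycloak using EGL REST in an EGL Rich UI (RUI) application. The RUI handler collects the user name and password and posts them to the Keycloak token endpoint (password grant). The example binds to http://localhost, which suits a local test setup; a deployed endpoint needs https because the request carries the password.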
package pkg.keycloak;
// REST interface for the Keycloak token endpoint. uriTemplate is empty, so the
// full endpoint URL comes from the @RestBinding baseURI of the variable that is
// declared with this interface.
interface KeycloakAccessToken
    // Sends the fields of req with an HTTP POST in FORMDATA format and maps
    // the JSON reply onto a KeycloakResponse record.
    function getAccessToken(req KeycloakReqPayload in) returns (KeycloakResponse)
        {@PostRest {
            uriTemplate = "",
            requestFormat = FORMDATA,
            responseFormat = JSON,
            summary = ""
        }};
end
Note:
Here, the requestFormat must be set to FORMDATA, because the Keycloak token endpoint expects the request parameters as form data, not as JSON.
package pkg.keycloak;
// Form fields posted to the Keycloak token and logout endpoints.
// The login handler fills client_id, grant_type, username and password; the
// logout handler fills client_id and refresh_token.
// NOTE(review): the record has no client_secret field, so the Keycloak client
// is presumably configured as a public client - confirm in the realm settings.
record KeycloakReqPayload
client_id string;
grant_type string;
password string; // clear-text user password: keep this record out of logs and storage
username string;
refresh_token string; // bearer credential: treat it like the password
end
package pkg.keycloak;
// JSON reply of the Keycloak token endpoint, mapped field by field.
// access_token and refresh_token are bearer credentials: whoever holds them
// can use them, so the record needs the same care as a password.
Record KeycloakResponse type Basicrecord
access_token string; // the JWT that prepareBearerAuthHeader puts into the Authorization header
expires_in int; // access-token lifetime in seconds (OAuth 2.0 expires_in)
refresh_expires_in int;
refresh_token string; // posted to the logout endpoint by logout_onClick
token_type string;
notBeforePolicy int {JSONName = "not-before-policy"}; // the JSON key contains hyphens, so it is mapped by name
session_state string;
scope string;
end
In the RUI handler (Handler1):
// REST binding for the token endpoint of the jakarta-servlet-jwt realm.
// The URL is plain http on localhost, which suits a local test setup only: the
// request carries the user's password, so a deployed endpoint needs https.
// NOTE(review): the path contains a double slash ("8180//realms") - confirm it is intended.
keycloakAccessToken KeycloakAccessToken {@RestBinding {baseURI="http://localhost:8180//realms/jakarta-servlet-jwt/protocol/openid-connect/token"} };
// User-name input field.
username BSTextField{ layoutData = new GridLayoutData{ row = 2, column = 2 },
placeholder = "Enter User Name",
fieldType = BSLib.FIELD_TYPE_TEXT};
// Password input field; FIELD_TYPE_PASSWORD presumably masks the typed characters - confirm.
password BSTextField{ layoutData = new GridLayoutData{ row = 3, column = 2 },
placeholder = "Enter Password",
fieldType = BSLib.FIELD_TYPE_PASSWORD};
// Login button; a click runs ui_onClick.
login BSButton{ layoutData = new GridLayoutData{ row = 4, column = 2 }, text = "Login", colorType=BSLib.COLOR_TYPE_PRIMARY, onClick ::= ui_onClick };
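// Click handler of the Login button: requests a token from Keycloak with the
// entered user name and password (OAuth 2.0 password grant). The reply goes to
// resp(); service exceptions go to servicelib.serviceExceptionHandler.
// NOTE(review): with the password grant the application itself handles the
// user's password. Current OAuth security guidance (RFC 9700) advises against
// this grant; the authorization code flow with PKCE, where the user signs in
// on the Keycloak page, keeps the password out of the application.
function ui_onClick(event Event in)
    // Nothing to send while either field is empty.
    if (username.value == "" || password.value == "")
        return;
    end

    keycloakReqBody KeycloakReqPayload;
    keycloakReqBody.client_id = "demo-jwt";     // Keycloak client ID
    keycloakReqBody.grant_type = "password";    // must be "password" for this grant
    keycloakReqBody.username = username.value;  // user created in Keycloak for this client
    keycloakReqBody.password = password.value;  // that user's password

    // The request record holds its own copy now, so the password does not
    // need to stay in the input field while the call is in flight.
    password.value = "";

    call keycloakAccessToken.getAccessToken(keycloakReqBody) returning to resp onException servicelib.serviceExceptionHandler;
end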
// Success callback of getAccessToken: keeps the whole token response, as JSON,
// in browser local storage under the key "keycloak_token".
// NOTE(review): the stored JSON includes the refresh token, and local storage
// can be read by any script that runs in this origin, so a script-injection
// flaw in the page exposes both tokens.
function resp(retResult KeycloakResponse in)
    RUILib.setBrowserLocalStorage("keycloak_token", ServiceLib.convertToJSON(retResult));
end
Note:
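This resp() function is important because it stores the token response in the browser's local storage, where the later service calls read the access token from.
Anything kept in local storage can be read by any script that runs in the page's origin, so the stored tokens are only as safe as the page is against script injection.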
// REST binding for the secured sample service that is called with the bearer token.
// Plain http on localhost suits a local test setup; the Authorization header
// carries the access token, so a deployed service needs https.
service1 service1 {@restBinding {baseUri="http://localhost:8181/sso-keycloak-rest-api/restservices/secured/service1"}};
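// Click handler that calls the secured service with the stored access token.
// The bearer header is built by prepareBearerAuthHeader and attached to the
// service1 binding before the call; the reply goes to resp1().
function BSButton_service1_onClick(event Event in)
    // Start from an explicit empty dictionary: the original passed
    // requestHeader to the helper inside requestHeader's own initializer.
    baseHeaders Dictionary{};
    requestHeader dictionary = prepareBearerAuthHeader(baseHeaders);
    ServiceLib.setRestRequestHeaders(service1, requestHeader);
    call service1.functionName() returning to resp1 onException noHandlerFound;
end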
// Success callback of the service1 call: prints the returned text to standard output.
function resp1(retResult string in)
    reply string = retResult;
    SysLib.writeStdout(reply);
end
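// Builds the request headers for a call to a secured service.
// requestHeader0: headers the caller wants to send; they are copied into the
//                 result, the caller's dictionary is not modified.
// Returns a new dictionary with the caller's headers plus
// "Authorization: Bearer <access token>", the token being read from the
// "keycloak_token" entry in browser local storage. When no token is stored,
// the result has no Authorization entry, so the service rejects the call
// instead of receiving an empty bearer value.
function prepareBearerAuthHeader(requestHeader0 dictionary in) returns (dictionary)
    headers Dictionary{};
    // The original called insertAll on the new dictionary with itself as the
    // argument, which dropped whatever the caller had passed in.
    if (requestHeader0 != null)
        headers.insertAll(requestHeader0);
    end

    // NOTE(review): presumably null or "" comes back when the key is absent -
    // confirm against the RUILib documentation; both cases are handled here.
    storedJson string? = RUILib.getBrowserLocalStorage("keycloak_token");
    if (storedJson == null || storedJson == "")
        return (headers);
    end

    tokens KeycloakResponse;
    ServiceLib.convertFromJSON(storedJson, tokens);
    if (tokens.access_token != "")
        // Set last so that the bearer token replaces any Authorization entry
        // passed in by the caller.
        headers.Authorization = "Bearer " + tokens.access_token;
    end
    return (headers);
end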
// REST binding for the logout endpoint of the jakarta-servlet-jwt realm.
// The KeycloakLogout interface is not shown in this section.
// Plain http on localhost suits a local test setup; the request carries the
// refresh token, so a deployed endpoint needs https.
// NOTE(review): the path contains a double slash ("8180//realms") - confirm it is intended.
keycloakLogout KeycloakLogout {@RestBinding {baseURI="http://localhost:8180//realms/jakarta-servlet-jwt/protocol/openid-connect/logout"} };
// Logout button; a click runs logout_onClick.
logout BSButton{ layoutData = new GridLayoutData{ row = 4, column = 3 }, text = "Logout", colorType=BSLib.COLOR_TYPE_PRIMARY, onClick ::= logout_onClick };
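// Click handler of the Logout button: posts the stored refresh token to the
// Keycloak logout endpoint so that the session is ended on the server.
// A successful reply goes to resp0().
function logout_onClick(event Event in)
    // NOTE(review): presumably null or "" comes back when the key is absent -
    // confirm against the RUILib documentation; both cases are handled here.
    storedJson string? = RUILib.getBrowserLocalStorage("keycloak_token");
    if (storedJson == null || storedJson == "")
        return; // no stored session, nothing to end
    end

    tokens KeycloakResponse;
    ServiceLib.convertFromJSON(storedJson, tokens);

    keycloakReqBody KeycloakReqPayload;
    keycloakReqBody.client_id = "demo-jwt"; // Keycloak client ID
    keycloakReqBody.refresh_token = tokens.refresh_token;

    // Remove the local copy before the call: if the request fails, the tokens
    // would otherwise stay in local storage, because resp0() only runs on success.
    RUILib.removeBrowserLocalStorage("keycloak_token");

    call keycloakLogout.logout(keycloakReqBody) returning to resp0 onException noHandlerFound;
end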
// Success callback of the logout call: deletes the stored token response from
// browser local storage and reports the logout on standard output.
function resp0()
    RUILib.removeBrowserLocalStorage("keycloak_token");
    SysLib.writeStdout("logged out");
end