Inefficient token management

[barisertekin]

Hi,

It doesn't look nice to request a token for every operation.
Even if we get a new token when it expires, the same problem persists across multiple instance.
I tried with ServiceAccount + BasicAuth but couldn't succeed. I'm not sure if it's supported.
What do you think about this? Is there another way?

Thank you.

[sps-campbellwray]

Currently there is nothing built into this library to cache/refresh tokens.

If you need this functionality the best way to achieve it is to write a function that returns a token, and then use the Func<string> getToken constructor when initializing the KeycloakClient. Your function could handle the caching/refreshing of the token, so it didn't create a new token each time it was called.

The way we are currently using this library is to generate a token for every single request, which I know is messy, but unfortunately other priorities have prevented me from improving this.

To answer your other question, it is possible to set up a service account and use that for authentication. I'd be happy to provide more support after the long weekend if you need it.

[barisertekin]

Thank you for your quick response.

I have been unable to find a way to call the admin-api with a Service Account.
The methods in the admin-api require a token.
If there is a way to call it using Basic Authentication with ClientId:ClientSecret, I would appreciate your help.

[sps-campbellwray]

I'm not sure if this is the 100% correct way to do it, but this is the procedure we follow:

In the master realm find the admin-cli client, configure the capabilities like so:

From the Credentials tab, get the Client Secret

You can then use the KeycloakClient(string url, string clientSecret, KeycloakOptions options = null) constructor to create a KeycloakClient. The KeycloakOptions object uses the client admin-cli by default.

Once you've got that part working you can change over to the KeycloakClient(string url, Func<string> getToken, KeycloakOptions options = null) constructor and pass in a custom getToken function based on the GetAccessTokenAsync method in src\Keycloak.Net.Core\Common\Extensions\FlurlRequestExtensions.cs. Your function would need to implement the functionality for caching and refreshing the token as it expires.

If you manage to get this working it would be a welcome contribution to the library, unfortunately other priorities have prevented me from being able to work on such an implementation, which is why it is not already there.