How to create keyclock clientSecret via API
I’m using keycloak version 20.0.2, and I want to know if it possible to create clientSecret through a post request (/admin/realms/:realm/clients/:id/client-secret).
I want to send body to post request with my own generated client secret value
https://{host}/admin/realms/{realm}/clients/{id}/client-secret
Body: {
"clientSecret":"my own generated value here"
}
Response: {
type: "secret",
value: "my own generated value here"
}
Solution
You have two options.
#1 One is create new client API with own secret
#2 Second is can random generated secret on existing client by Keycloak
But no option update the client secrete with your own.
#1 One is create new client API with own secret
POST {Keycloak URL}/admin/realms/test/clients
Body
{
"clientId": <new client ID>,
"name": <Cleint Name>,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": <my-own-secret>
}
Example by Postman
In Body
{
"clientId": "Test-Client",
"name": "Test-Client-New",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "my-new-own-secret"
}
Result
#2 Second is can random generated secret by Keycloak
POST {Keycloak URL}/admin/realms/{my-realm}/clients/{client-uuid}/client-secret
Input Body
None
Response Body
{
"type": "secret",
"value": <Random created new secret by Keycloak>
}
Result in Keycloak UI
- Facebook graph api returns 400 bad request with correct access token
- Azure arc agent error "Missing Basic Authorization header"
- How to use librdkafka with OIDC and Azure AD as token provider for OAUTHBEARER?
- OAuth Authorization vs Authentication
- Use bash curl with oauth to return google apps user account data?
- OAuth token with basic POST request
- n8n Microsoft Graph OAuth2 login still fails after admin consent
- Get AD security groups in NGINX through OAuth2
- Getting "error": "unsupported_grant_type" when trying to get a JWT by calling an OWIN OAuth secured Web Api via Postman
- Authenticating a user with NextCloud using oauth2 with authlib in flask fails at getting access token
- Authorisation Code Flow in NextJS - how to pass PKCE code_verifier to the authorization callback?
- Where can I find a list of scopes for Google's OAuth 2.0 API?
- Google One tap sign-in UI not displayed after clicking the close button
- Google Drive API: gapi.client.drive.files.copy returns 404 for existing file (Slides template)
- AWS Cognito - How to force select account when signing in with Google
- Misleading Graph API user_link
- Google Calendar OAuth 2.0 Error 403: access_denied
- How do I solve audience (aud) invalid claim error for downstream api service?
- Microsoft Entra ID CIAM – AADSTS65001: User or admin has not consented (Native Authentication)
- Bot Framework Python SDK ErrorResponseException: Operation returned an invalid status code 'Unauthorized'
- How do you authenticate a call to a logic app (standard) via oAuth2.0?
- Refresh access_token via refresh_token in Keycloak
- Differences between audience, issuer, and client terms in JWT, OAuth and OIDC
- Oauth2 server redirect URI
- Chrome Extension: Google Photos API Returns "Insufficient Scopes" Despite Correct Setup
- Single Sign-Out with OAuth2, Spring Boot 3 and Keycloak - not working
- redirect_uri using http instead of https
- Sign in with Google temporarily disabled for this app
- How does PKCE help public clients?
- Why do I keep getting "401 unauthorized" response when sending mails through Graph API with delegated access?