User Info endpoint

This example script obtains a Keycloak access token using client credentials and calls the /userinfo endpoint:

Note: In case the client access type is public the client_secret can be empty.

import requests
import sys
import json
from getpass import getpass
from urllib.parse import urlparse

kc_server= "https://auth.cern.ch"
client_id = "CLIENT_ID"
client_secret = "CLIENT_SECRET"

keycloak_endpoint = kc_server+"/auth/realms/cern/protocol/openid-connect/token"
userinfo_endpoint = kc_server+"/auth/realms/cern/protocol/openid-connect/userinfo"

print("Username:")
username = input()
password = getpass("Password: ")

token_resp = requests.post(
    keycloak_endpoint,
    data={
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "password": password,
        "username": username
    },
    headers={"Content-Type": "application/x-www-form-urlencoded"},
)
print(token_resp.json())
token = token_resp.json()['access_token']

print ("##########################")
print ("###### Access Token ######")
print ("##########################")
print(token)


userinfo = requests.post(
    userinfo_endpoint,
    headers={"Authorization": "Bearer {}".format(token)},
)

print ("##########################")
print ("######## Userinfo ########")
print ("##########################")
print (userinfo.json())