<div dir="ltr">Summers - Yes, this is perfect<div><br></div><div><a href="https://github.com/auth0/java-jwt#verify-a-token" rel="noreferrer" target="_blank">https://github.com/auth0/java-<wbr>jwt#verify-a-token</a> <br><div class="gmail_extra"><br></div><div class="gmail_extra">Thank you for your help! </div><div class="gmail_extra"><br></div><div class="gmail_extra">I was unsure if this was built into any of the Java/Keycloak adapters. This confirmation helps quite a bit. </div><div class="gmail_extra"><br></div><div class="gmail_extra">I have been running my modified version of aerogear for a couple weeks now and it works well. The ability to stay in the app using Safari View Controller + using kc_idp_hint is really nice and makes the native Facebook / Google iOS cocoapods seem unnecessary if you are just doing social sign-in which I believe is the point. </div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jun 5, 2017 at 3:21 PM, <span dir="ltr"><<a href="mailto:aerogear-users-request@lists.jboss.org" target="_blank">aerogear-users-request@lists.jboss.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Today's Topics:<br>
<br>
1. Re: iOS Troubleshooting when server uses a self-signed<br>
certificate Swift 3 (Polina Koleva)<br>
2. Keycloak - validate token on server (Doug Drouillard)<br>
3. Re: Keycloak - validate token on server (Summers Pittman)<br>
4. Re: Keycloak - validate token on server (Doug Drouillard)<br>
5. Re: Keycloak - validate token on server (Summers Pittman)<br>
<br>
<br>
------------------------------<wbr>------------------------------<wbr>----------<br>
<br>
Message: 1<br>
Date: Mon, 29 May 2017 09:27:59 -0700 (MST)<br>
From: Polina Koleva <<a href="mailto:polina.n.koleva@gmail.com">polina.n.koleva@gmail.com</a>><br>
Subject: Re: [Aerogear-users] iOS Troubleshooting when server uses a<br>
self-signed certificate Swift 3<br>
To: <a href="mailto:aerogear-users@lists.jboss.org">aerogear-users@lists.jboss.org</a><br>
Message-ID: <<a href="mailto:1496075279116-1117.post@n5.nabble.com">1496075279116-1117.post@n5.<wbr>nabble.com</a>><br>
Content-Type: text/plain; charset=UTF-8<br>
<br>
Hey :)<br>
<br>
Julio Cesar Sanchez Hernandez wrote<br>
> Hi.<br>
><br>
> There is something missing on the email you sent.<br>
><br>
> You said<br>
> I added in my DeviceRegistration.swift file the method:<br>
<br>
I have added the code but it is not visible in the email. I place it here<br>
again (hopefully this time it will work). So this is the implementation of<br>
the method:<br>
<br>
public func urlSession(_session: URLSession, task: URLSessionTask, didReceive challenge: URLAuthenticationChallenge, completionHandler: (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {<br>
    if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust && challenge.protectionSpace.host == serverURL.host! {<br>
        let credentials = URLCredential(trust: challenge.protectionSpace.serverTrust!)<br>
        completionHandler(Foundation.URLSession.AuthChallengeDisposition.useCredential, credentials)<br>
    } else {<br>
        completionHandler(Foundation.URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)<br>
    }<br>
}<br>
<br>
<br>
<br>
Julio Cesar Sanchez Hernandez wrote<br>
> Do you see any error message on Xcode console? If yes, share them.<br>
<br>
Yes, it is written that the server is not trusted because of the self-signed<br>
certificate.<br>
This is the error:<br>
<br>
Error Registering with UPS: The certificate for this server is invalid. You<br>
might be connecting to a server that is pretending to be “x.x.x.x” which<br>
could put your confidential information at risk.<br>
<br>
<br>
Julio Cesar Sanchez Hernandez wrote<br>
> Do you have a paid Apple developer account?<br>
<br>
Yes, I have a developer account.<br>
<br>
<br>
Julio Cesar Sanchez Hernandez wrote<br>
> Are you testing on a real device?<br>
<br>
Yes, I am testing on a real device.<br>
<br>
<br>
Julio Cesar Sanchez Hernandez wrote<br>
> Is the device asking for the push permissions?<br>
<br>
Yes, the app asks for permission to receive push notifications. But it<br>
cannot connect to the server.<br>
<br>
<br>
Julio Cesar Sanchez Hernandez wrote<br>
> Is your server available online so I can take a look?<br>
<br>
No, I am running the ups on my local machine.<br>
<br>
Thanks.<br>
On Mon, May 29, 2017 at 2:57 PM, Polina Koleva &lt;polina.n.koleva@&gt;<br>
wrote:<br>
<br>
> Hey,<br>
> I am trying to run Swift 3 HelloWorld app ( HelloWorldSwift<br>
> &lt;<a href="https://github.com/aerogear/aerogear-ios-cookbook/tree/master/UnifiedPushHelloWorld" rel="noreferrer" target="_blank">https://github.com/aerogear/aerogear-ios-cookbook/tree/master/UnifiedPushHelloWorld</a>&gt;<br>
> ) but I have a problem with the self-signed certificate.<br>
> Looking at the documentation ( ios troubleshooting<br>
> &lt;<a href="https://aerogear.org/docs/unifiedpush/aerogear-push-ios/guides/#troubleshooting" rel="noreferrer" target="_blank">https://aerogear.org/docs/unifiedpush/aerogear-push-ios/guides/#troubleshooting</a>&gt;<br>
> ) and changing it a little bit for Swift 3 , I added in my<br>
> DeviceRegistration.swift file the method:<br>
><br>
><br>
><br>
> But it still doesn't work. The method is not invoked at all. Do I miss<br>
> something?<br>
><br>
> Any help will be appreciated.<br>
><br>
> Polina<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Wed, 31 May 2017 14:36:45 -0400<br>
From: Doug Drouillard <<a href="mailto:douglas.drouillard@gmail.com">douglas.drouillard@gmail.com</a>><br>
Subject: [Aerogear-users] Keycloak - validate token on server<br>
To: <a href="mailto:aerogear-users@lists.jboss.org">aerogear-users@lists.jboss.org</a><br>
Message-ID:<br>
<<a href="mailto:CAJSu2J6OZWe2miZ5eHg2Ydo9Vip3RE%2Bvt%2B5yCAcAHg5xceGPrw@mail.gmail.com">CAJSu2J6OZWe2miZ5eHg2Ydo9Vip3<wbr>RE+vt+5yCAcAHg5xceGPrw@mail.<wbr>gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hello,<br>
<br>
I am using Aerogear-iOS and I am able to successfully get a JWT from<br>
keycloak. Say I pass that JWT to a Java web service (that is not wildfly),<br>
is there a way to easily verify the token? The keycloak adapters for<br>
undertow and jetty seem beyond my reach. I am using Ninja Framework and the<br>
undertow integration does not seem feasible in my time frame.<br>
I was hoping to easily validate token on server, but I can't seem to have<br>
come across anything. My concern is that I want to disable a user and<br>
immediately have them disabled, not wait on expiration in token.<br>
<br>
I have proposed this question on stack overflow and on the keycloak mailing<br>
list with no answers so I was hoping to have some luck here.<br>
<br>
Thanks.<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Thu, 1 Jun 2017 07:47:35 -0400<br>
From: Summers Pittman <<a href="mailto:supittma@redhat.com">supittma@redhat.com</a>><br>
Subject: Re: [Aerogear-users] Keycloak - validate token on server<br>
To: <a href="mailto:aerogear-users@lists.jboss.org">aerogear-users@lists.jboss.org</a><br>
Message-ID:<br>
<<a href="mailto:CAEQz2CsFi_rkhDrnzDG9GE0fXxhxw16qj983ueF1vy8RLpT2nw@mail.gmail.com">CAEQz2CsFi_<wbr>rkhDrnzDG9GE0fXxhxw16qj983ueF1<wbr>vy8RLpT2nw@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Are you thinking something like this :<br>
<a href="https://github.com/auth0/java-jwt#verify-a-token" rel="noreferrer" target="_blank">https://github.com/auth0/java-<wbr>jwt#verify-a-token</a> ?<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Mon, 5 Jun 2017 09:11:43 -0400<br>
From: Doug Drouillard <<a href="mailto:douglas.drouillard@gmail.com">douglas.drouillard@gmail.com</a>><br>
Subject: Re: [Aerogear-users] Keycloak - validate token on server<br>
To: <a href="mailto:aerogear-users@lists.jboss.org">aerogear-users@lists.jboss.org</a><br>
Message-ID:<br>
<<wbr>CAJSu2J7YAAh47A57GzLu3hqkYzpfu<wbr>OLC=<a href="mailto:SZNaDCKeMpF%2BAqNbA@mail.gmail.com">SZNaDCKeMpF+AqNbA@mail.<wbr>gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
I ended up forking aerogear and merging in an unmerged PR that exposed<br>
Safari View Controller (I am targeting iOS 9+) and then also modified to<br>
allow for passing of kc_idp_hint.<br>
<br>
<a href="https://github.com/drouillard/aerogear-ios-oauth2" rel="noreferrer" target="_blank">https://github.com/drouillard/<wbr>aerogear-ios-oauth2</a><br>
<br>
It is nice and clean and avoids the user experience issues that motivated<br>
my original question. E.g. embedded views don't work with Google sign-in and<br>
the external safari makes user answer an additional prompt (Open in 'app<br>
name') plus risks leaving them in no-persons land if they cancel.<br>
<br>
For my active account question I likely can just use the Admin API can<br>
check outright for if user is enabled.<br>
<br>
Still researching best Java client to use in my case as it seems like I am<br>
in a bearer-only situation. The aerogear code is easier to follow as there<br>
is not intermixing of session/server logic like the servlet examples I have<br>
seen.<br>
Verifying the JWT on local server is easy and likely good enough but I<br>
believe there should be a way to verify it with the keycloak server if<br>
desired using certificates/possibly open-id end points. I am working in a<br>
high fraud situation so need all options available.<br>
<br>
Will update this thread as they appear in Google search results.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Mon, 5 Jun 2017 14:42:36 -0400<br>
From: Summers Pittman <<a href="mailto:supittma@redhat.com">supittma@redhat.com</a>><br>
Subject: Re: [Aerogear-users] Keycloak - validate token on server<br>
To: <a href="mailto:aerogear-users@lists.jboss.org">aerogear-users@lists.jboss.org</a><br>
Message-ID:<br>
<CAEQz2Cs7_Nc9SYaPNmVhe3kRfx=<a href="mailto:6mWBdC4o58zX9jRgXt_Wknw@mail.gmail.com">6<wbr>mWBdC4o58zX9jRgXt_Wknw@mail.<wbr>gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
+1 Thanks for the feedback, and I will keep an eye out for your updates.<br>
<br>
------------------------------<br>
<br>
<br>
End of Aerogear-users Digest, Vol 33, Issue 1<br>
******************************<wbr>***************<br>
</blockquote></div><br></div></div></div>
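The Keycloak thread above weighs verifying the JWT locally against checking it with the Keycloak server. The following Java sketch is an added example, not code from the thread, from AeroGear or from Keycloak: it verifies the token offline with the auth0 java-jwt library linked in the thread, then asks the server through OpenID Connect token introspection (RFC 7662), because a local check cannot see server-side changes made after the token was issued. The class name, the realm URLs, and the client id and secret are assumed placeholders, and Jackson is assumed to be on the classpath.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

// Added example: bearer-token check for a service that has no Keycloak adapter.
public final class KeycloakTokenCheck {
    // Assumed placeholders: replace with your own realm's issuer and endpoint.
    static final String ISSUER = "https://keycloak.example.com/auth/realms/demo";
    static final String INTROSPECT_URL = ISSUER + "/protocol/openid-connect/token/introspect";

    // Offline check of RS256 signature, issuer and expiry; throws if any of them fails.
    static DecodedJWT verifyLocally(String token, String realmPublicKeyBase64) throws Exception {
        byte[] der = Base64.getDecoder().decode(realmPublicKeyBase64);
        RSAPublicKey key = (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(der));
        // Pinning RS256 here rejects tokens whose header names any other algorithm.
        return JWT.require(Algorithm.RSA256(key, null)).withIssuer(ISSUER).build().verify(token);
    }

    // Online check: asks the server whether it still considers the token active.
    static boolean isActive(String token, String clientId, String clientSecret) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(INTROSPECT_URL).openConnection();
        c.setRequestMethod("POST");
        c.setDoOutput(true);
        c.setConnectTimeout(2000); c.setReadTimeout(2000);
        String basic = Base64.getEncoder().encodeToString(
                (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8));
        c.setRequestProperty("Authorization", "Basic " + basic);
        c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        try (OutputStream out = c.getOutputStream()) {
            out.write(("token=" + URLEncoder.encode(token, "UTF-8")).getBytes(StandardCharsets.UTF_8));
        }
        if (c.getResponseCode() != 200) return false; // fail closed on any server error
        try (InputStream in = c.getInputStream()) {
            return new ObjectMapper().readTree(in).path("active").asBoolean(false);
        }
    }

    // Accept only when both checks pass; any exception (bad key, bad token, I/O) denies.
    static boolean accept(String token, String keyBase64, String clientId, String clientSecret) {
        try {
            verifyLocally(token, keyBase64);               // cheap: drops forged or expired tokens
            return isActive(token, clientId, clientSecret); // then the server-side view
        } catch (Exception e) {
            return false;
        }
    }
}
```

The introspection call costs one round trip per request, so services that cache its answer should keep the cache lifetime shorter than the delay they can tolerate between a server-side change and its enforcement.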