[keycloak-dev] Keycloak and mobile

Bill Burke bburke at redhat.com
Wed Aug 14 17:24:53 EDT 2013



On 8/14/2013 5:00 PM, Matt Wringe wrote:
> On Wed 14 Aug 2013 04:27:12 PM EDT, Bill Burke wrote:
>>
>>
>> On 8/14/2013 4:07 PM, Matt Wringe wrote:
>>> On Wed 14 Aug 2013 03:14:41 PM EDT, Bill Burke wrote:
>>>>
>>>>
>>>> On 8/14/2013 2:45 PM, Matt Wringe wrote:
>>>>> Thoughts on some possible ways to handle mobile aspects with Keycloak.
>>>>> It's just a very brief outline of some of the options to get a
>>>>> conversation started. I tried to be as brief as possible, but the email is
>>>>> still a bit long :/
>>>>>
>>>>> Mobile web app
>>>>> Works similar to how any normal web app would work with keycloak. Only
>>>>> changes really needed would be to make sure the login pages and such
>>>>> are designed to work properly on varying sizes of touchscreens.
>>>>>
>>>>>
>>>>> Native Mobile App Approaches
>>>>>
>>>>> 1) Native mobile app accessing keycloak through a custom webview.
>>>>> It's possible for a native application to create a webview and load the
>>>>> web components of keycloak through this. Requires some changes to
>>>>> keycloak to return the token to the application since using a normal
>>>>> redirect url isn't feasible.
>>>>
>>>> On iPhone you can redirect to and from native apps using URLs.  So it
>>>> would be possible to use the Keycloak web login and redirects with
>>>> iPhone.  Are you sure Android doesn't have something similar?
>>>
>>> Yeah, you can of course use urls like that in Android.
>>>
>>> Normally the way it's handled in this situation is to run a web server on
>>> the device at localhost (which is what I meant by a normal url and why
>>> it's not really feasible) or to use a special redirect value and
>>> pass the token in a special manner (what you are suggesting).
>>>
>>
>> Why the need for a local webserver?  On iPhone at least, the native app
>> would redirect to a keycloak.org URL in browser
>> http://keycloak.org/client_id=...  Browser would do the facebook
>> login, then browser would redirect back to app with the access code
>> embedded within the URL.  Then the app would make an internal HTTP
>> call to keycloak to obtain the token.  Traditional OAuth.  Don't see
>> why you need all the other tricks you are talking about...
>>
>> Here's an example of using URLs to web provision a native app:
>>
>> http://code.google.com/p/oathtoken/wiki/WebProvisioning
>>
>> On iPhone you can bind a protocol to an app, so keycloak would just
>> redirect to myapp://login?all&the&oauth&parameters&needed
>
> Hmm, interesting, it's a nice clean way of handling it that I didn't
> really think of. I wonder why none of the documentation on how to
> perform social login on mobile devices mentions doing it this way.

Don't know.  Maybe there is something I'm missing??  But I've seen
custom URLs work very nicely in iPhone programming.

> The
> only downside is other than google, I don't think most people log into
> these sites using the mobile browser, they usually use the login via the
> mobile app.

Isn't it the same decision on whether to use a social library to help
you implement social login vs. a social broker hosted on another server?
Why even have Keycloak for native mobile apps?  They can use existing
native mobile app libraries to perform social login.

Do Facebook et al. even have a direct non-browser, non-OAuth approach
to login?

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
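
Added example, not part of the original message or of Keycloak's code: a Python sketch of the app-side checks for the flow described above, where the browser redirects to `myapp://login?...` with the access code and the app then exchanges it for a token. It goes beyond the thread by adding a `state` value and a PKCE verifier (RFC 7636), since any app on the device can register the same custom scheme; the endpoint URL, client id and function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs, urlencode

REDIRECT_URI = "myapp://login"                   # custom scheme from the thread
AUTH_ENDPOINT = "https://keycloak.example/auth"  # placeholder endpoint (assumed)


def begin_login(client_id):
    """Create per-attempt secrets and the URL the app opens in the browser."""
    state = secrets.token_urlsafe(16)
    verifier = secrets.token_urlsafe(32)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": REDIRECT_URI, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return {"state": state, "verifier": verifier,
            "url": f"{AUTH_ENDPOINT}?{query}"}


def handle_callback(callback_url, pending):
    """Validate the myapp:// redirect; return the token request form fields."""
    parts = urlsplit(callback_url)
    if (parts.scheme, parts.netloc) != ("myapp", "login"):
        raise ValueError("unexpected redirect target")
    params = parse_qs(parts.query, strict_parsing=True)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    states, codes = params.get("state", []), params.get("code", [])
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("missing or duplicated state/code")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(states[0].encode(), pending["state"].encode()):
        raise ValueError("state mismatch")
    # These fields are POSTed to the token endpoint by the app itself.
    return {
        "grant_type": "authorization_code", "code": codes[0],
        "redirect_uri": REDIRECT_URI, "code_verifier": pending["verifier"],
    }
```

The code verifier never leaves the app until the token request, so another app that intercepts the `myapp://` redirect cannot redeem the code.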

