[keycloak-dev] Login with Access Token

Wed Dec 3 03:33:20 EST 2014

I am wondering how you do that. I know that there is a state parameter that
is added to the facebook login url, but I could just make an initial
request to keycloak to copy that, or did I understand something wrong?

2014-12-03 9:22 GMT+01:00 Stian Thorgersen <stian at redhat.com>:

> It's code that is currently changing as we're working on adding enterprise
> IdP's as well as social IdP's we have at the moment.
>
> I think the correct approach would be to use the direct grant api, which
> currently lets you exchange a username + password for a Keycloak token, we
> could add an option here to pass in a token from an external IdP to
> exchange for a internal Keycloak token. If you're interested in looking at
> the code look at OpenIDConnectService.grantAccessToken.
>
> There's no work-around that you can do due to security restrictions in
> Keycloak. Keycloak makes sure that the callback can only be called if it
> indeed made the original request.
>
> ----- Original Message -----
> > From: "Christian Beikov" <christian.beikov at gmail.com>
> > To: "Stian Thorgersen" <stian at redhat.com>
> > Sent: Wednesday, 3 December, 2014 9:11:55 AM
> > Subject: Re: [keycloak-dev] Login with Access Token
> >
> > Thanks for the quick answer. Could you maybe give me a hint on how I
> could
> > implement that in a quick-and-dirty way? Could I maybe do some iframe
> magic
> > in a hidden webview to do the login? I am not quite sure how the social
> > login works exactly. Facebook will redirect me back to the social
> callback
> > address after a login, but how does keycloak actually retrieve that
> access
> > token? If I knew that, I could maybe create a workaround for now and
> maybe
> > also contribute something? :)
> >
> > 2014-12-03 8:48 GMT+01:00 Stian Thorgersen <stian at redhat.com>:
> >
> > >
> > >
> > > ----- Original Message -----
> > > > From: "Christian Beikov" <christian.beikov at gmail.com>
> > > > To: keycloak-dev at lists.jboss.org
> > > > Sent: Tuesday, 2 December, 2014 6:58:42 PM
> > > > Subject: [keycloak-dev] Login with Access Token
> > > >
> > > > Hello!
> > > >
> > > > I am new to OAuth so sorry if my question is dumb.
> > > > I have an App which wants to provide a custom and Facebook login.
> Since
> > > many
> > > > people already have the Facebook App installed, I thought it might be
> > > better
> > > > to give them the native experience and use the Facebook SDK to
> implement
> > > the
> > > > login.
> > > > The problem now is, that I have the Access Token from the successful
> > > Facebook
> > > > login, but don't know how to properly login at the Keycloak server
> with
> > > > that.
> > > >
> > > > Any ideas on how to do that? Or is that even stupid and is there a
> better
> > > > way?
> > >
> > > Not at all a dumb question and we actually had someone else ask the
> same
> > > last week.
> > >
> > > Currently, Keycloak does not support this flow, but it something we may
> > > consider adding.
> > >
> > > > --
> > > >
> > > > Mit freundlichen Grüßen,
> > > >
> > > > Christian Beikov
> > > >
> > > > _______________________________________________
> > > > keycloak-dev mailing list
> > > > keycloak-dev at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > >
> >
> >
> >
> > --
> >
> > Mit freundlichen Grüßen,
> >
> >
> > *Christian Beikov*Blazebit Design & Developing
> > http://www.blazebit.com
> >
>

-- 

Mit freundlichen Grüßen,

*Christian Beikov*Blazebit Design & Developing
http://www.blazebit.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20141203/e7b1c897/attachment.html 