[keycloak-dev] Oauth Register and Token Validation Example
Marek Posolda
mposolda at redhat.com
Tue Jul 29 03:25:06 EDT 2014
Hi,
the best is to start with documentation
http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/index.html
and also look at existing examples
https://github.com/keycloak/keycloak/tree/master/examples . Probably
most useful for you might be
https://github.com/keycloak/keycloak/tree/master/examples/demo-template
. It has restful application "database-service", where you can send
secured REST requests with the bearer token attached to them. Other
applications in the directory are web applications, which obtain bearer
token from the Keycloak login . Product-portal and customer-portal are
JEE applications secured by Keycloak itself, third-party and
third-party-cdi is more traditional OAuth where token is used just to
retrieve the secured data from "database-service" . See the README for
more info.
Example for CORS support is here:
https://github.com/keycloak/keycloak/tree/master/examples/cors
Marek
On 25.7.2014 23:04, Harit Himanshu wrote:
> Hey Team,
>
> I am been looking for answer to
> http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis and
> found that keycloak is suitable for securing REST APIs using OAuth 2.0.
>
> I am looking for example where the following is demonstrated
> a.) Third-party app registers and gets Access Token
> b.) Third-Party app accesses Resource Server to access protected
> resource by sending Access Token to REST API
> c.) and How Token is validated.
>
>
> It is mentioned in features of keycloak as
>
> * OAuth Bearer token auth for REST Services
> * OAuth 2.0 Grant requests
> * CORS Support
>
> Can you please guide me through examples?
>
> Thank you
>
>
> On Fri, Jul 25, 2014 at 2:00 PM, Harit Himanshu
> <harit.subscriptions at gmail.com <mailto:harit.subscriptions at gmail.com>>
> wrote:
>
> Hey Team,
>
> I am been looking for answer to
> http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis
> and found that keycloak is suitable for securing REST APIs using
> OAuth 2.0.
>
> I am looking for example where the following is demonstrated
> a.) Third-party app registers and gets Access Token
> b.) Third-Party app accesses Resource Server to access protected
> resource by sending Access Token to REST API
> c.) and How Token is validated.
>
>
> It is mentioned in features of keycloak as
>
> * OAuth Bearer token auth for REST Services
> * OAuth 2.0 Grant requests
> * CORS Support
>
> Can you please guide me through examples?
>
> Thank you
> + Harit Himanshu
>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20140729/09d4548b/attachment.html
More information about the keycloak-dev
mailing list