[keycloak-dev] Oauth Register and Token Validation Example

Marek Posolda mposolda at redhat.com
Tue Jul 29 03:25:06 EDT 2014 

Hi,

the best is to start with documentation 
http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/index.html 
and also look at existing examples 
https://github.com/keycloak/keycloak/tree/master/examples . Probably 
most useful for you might be 
https://github.com/keycloak/keycloak/tree/master/examples/demo-template 
. It has restful application "database-service", where you can send 
secured REST requests with the bearer token attached to them. Other 
applications in the directory are web applications, which obtain bearer 
token from the Keycloak login . Product-portal and customer-portal are 
JEE applications secured by Keycloak itself, third-party and 
third-party-cdi is more traditional OAuth where token is used just to 
retrieve the secured data from "database-service" . See the README for 
more info.

Example for CORS support is here: 
https://github.com/keycloak/keycloak/tree/master/examples/cors

Marek

On 25.7.2014 23:04, Harit Himanshu wrote:
> Hey Team,
>
> I am been looking for answer to 
> http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis and 
> found that keycloak is suitable for securing REST APIs using OAuth 2.0.
>
> I am looking for example where the following is demonstrated
> a.) Third-party app registers and gets Access Token
> b.) Third-Party app accesses Resource Server to access protected 
> resource by sending Access Token to REST API
> c.) and How Token is validated.
>
>
> It is mentioned in features of keycloak as
>
>   * OAuth Bearer token auth for REST Services
>   * OAuth 2.0 Grant requests
>   * CORS Support
>
> Can you please guide me through examples?
>
> Thank you
>
>
> On Fri, Jul 25, 2014 at 2:00 PM, Harit Himanshu 
> <harit.subscriptions at gmail.com <mailto:harit.subscriptions at gmail.com>> 
> wrote:
>
>     Hey Team,
>
>     I am been looking for answer to
>     http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis
>     and found that keycloak is suitable for securing REST APIs using
>     OAuth 2.0.
>
>     I am looking for example where the following is demonstrated
>     a.) Third-party app registers and gets Access Token
>     b.) Third-Party app accesses Resource Server to access protected
>     resource by sending Access Token to REST API
>     c.) and How Token is validated.
>
>
>     It is mentioned in features of keycloak as
>
>       * OAuth Bearer token auth for REST Services
>       * OAuth 2.0 Grant requests
>       * CORS Support
>
>     Can you please guide me through examples?
>
>     Thank you
>     + Harit Himanshu
>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20140729/09d4548b/attachment.html

More information about the keycloak-dev mailing list