[keycloak-dev] Keycloak Intergration

Thu Sep 25 11:36:13 EDT 2014

Hello Sagar,

For Keycloak OAuth2, AeroGear provides a sdk, we have both Obj-C and Swift. Although lastest features goes in Swift version.

1. AeroGear-iOS 1.6 targets obj-c code [1] with its associated test repo [2], [2bis]

2. AeroGear 2.0 is modularized and based on Swift:
aerogear-ios-http [3]
aerogear-ios-oauth2 [4]
Here you can find interesting access/refresh/revoke simple example:
aerogear-ios-cookbook [5]
aerogear-backend-cookbook [6]
Note that 2.0 is on its way and should be release early October.
http module (aerogear-ios-http coupled with aerogear-ios-oauth2) is taking care of refreshing implictly tokens for you. 

Some blog posts [7]. I’m actually going to write an update blog post for Swift version.
Some links to go through.. Feedback welcome.

++
Corinne
iOS AeroGear
[1] https://github.com/aerogear/aerogear-ios
[2] https://github.com/aerogear/aerogear-ios-cookbook/tree/master/ProductInventory
[2bis] https://github.com/aerogear/aerogear-integration-tests-server#oauth2-with-keycloak
[3] https://github.com/aerogear/aerogear-ios-http
[4] https://github.com/aerogear/aerogear-ios-oauth2
[5] https://github.com/aerogear/aerogear-ios-cookbook/tree/swift/ProductInventory
[6] https://github.com/corinnekrych/aerogear-backend-cookbook/tree/master/ProductInventory
[7] http://corinnekrych.blogspot.fr/search/label/OAuth2

On 25 Sep 2014, at 15:32, Bill Burke <bburke at redhat.com> wrote:

> Sagar,  I'm moving this to keycloak-dev list.  See comments inline
> 
> On 9/25/2014 6:53 AM, Sagar Zond wrote:
>> Hi,
>> 
>> We are planning to use KeyClock for OAuth authorization server for our
>> API platform. Our understanding to KeyClock and OAuth is not very clear
>> so need your help to properly utilize KeyClock features.
>> 
>> Just to introduce our self, we are a start-up firm and creating products
>> for Health care domain. In our architecture we will have multiple Rest
>> API servers and multiple types of client like mobile, web and publicly
>> expose API. KeyCloak can be used as authentication and authorization
>> server. We have already gone through most of KeyCloak tutorials.
>> 
>> Here are few points of which we need answer -
>> 
>> 1. API platform will be registered as application server on KeyClock and
>> clients (mobile app, web app or other app) will be authorized by
>> keyclock as per defined role. Is this a proper use case of KeyClock ?
>> 
> 
> You'll have to elaborate.  I don't know exactly what you are saying. 
> Your REST API server would be registered as a Keycloak "Application". 
> You can define roles per "Application" or at the Realm level (global roles).
> 
>> 2. How do we integrate OAuth into mobile app ? Where can we write token
>> refresh logic?
>> 
> 
> You can start off by defining an public "OAuth Client" per mobile app. 
> You can use the direct grant REST API to obtain a token, or, use mobile 
> redirects to login through the mobile's browser.  I believe the Aerogear 
> project is doing some work around Keycloak IOS and Android clients, but 
> you'd have to ping them.
> 
>> 3. How we can add more fields in session? e.g. if we want to add more
>> token in header which may contain some extra application specific
>> encrypted data.
>> 
> 
> Not sure what you mean.  We don't have a nice way of adding claims to 
> the token at the moment.
> 
>> 4. We are currently using OpenDS Ldap for authentication and we already
>> have number of registered users which currently using API. So we need
>> Keyclock to be configured for OpenDS, so please suggested how to
>> integrate OpenDS with KeyClock.
>> 
> 
> We have LDAP integration:
> 
> http://docs.jboss.org/keycloak/docs/1.0.1.Final/userguide/html/user_federation.html#d4e1263
> 
> 
> 
> -- 
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev