[keycloak-dev] Helping accessing user Oauth tokens

Brooks Isoldi brooks.isoldi at traversed.com
Mon May 16 13:41:01 EDT 2016


Hi all,

I'm having trouble getting access to the oauth tokens that should be 
returned from the user authenticating with Twitter via the Keycloak 
login page.

FYI, this is cross-posted on SO 
(http://stackoverflow.com/questions/37257623/accessing-user-oauth-tokens-returned-by-keycloak).

-----
I have a Keycloak (standalone) v1.9.4.Final install setup using Wildfly 
10 on an AWS instance and am trying to use Keycloak (via Keycloak's 
login page) and Twitter4j to authenticate a user with Twitter and then 
obviously have my application authenticate and view the user's timeline, etc.

I have configured the Identity Provider (Twitter), the realm and my 
client application.

I also have a Twitter application setup at apps.twitter.com and the keys 
put into my twitter4j.properties file.

So far, I am able to:

 1. Go to my application's JSF webpage and get redirected to Keycloak's
    /auth login page
 2. Click the Twitter logo and login with my Twitter account (separate
    account from the account that owns the Twitter application)
 3. Complete the user information that Keycloak asks for
 4. After completing the user information, Keycloak successfully directs
    the user back to the client application (in this case, a JSF page).

The problem is, I can't figure out how to get access to the user's OAuth 
AccessToken and AccessTokenSecret to combine with the Twitter 
application's ConsumerKey and ConsumerKeySecret.

I'm trying to get the tokens from the FacesContext, but I suspect that 
context would not have it.

    HttpSession httpSession =
        (HttpSession) facesContext.getExternalContext().getSession(false);
    KeycloakSecurityContext keycloakContext =
        (RefreshableKeycloakSecurityContext) httpSession.getAttribute(KeycloakSecurityContext.class.getName());

-------

Taking a page from the twitter broker demo, we used the 
KeycloakSecurityContext held in the FacesContext's HttpSession to get 
the Bearer token, dropped the demo's TwitterOAuthResponse class into our 
project and made a REST call to the realm's twitter token endpoint using 
the, but then we got a permission denied saying the client did not have 
access to the identity provider's token.

Any help would be greatly appreciated!


-- 
Brooks Isoldi, Software Developer

Traversed
7164 Columbia Gateway Drive, Suite 120A
Columbia, MD 21046

