[keycloak-dev] Helping accessing user Oauth tokens

Marek Posolda mposolda at redhat.com
Tue May 17 04:42:09 EDT 2016


You need to have "Store tokens" enabled for your identity provider in 
the Keycloak admin console. We also have a Twitter example showing 
this. It's maybe not working and needs some changes (it's not part of 
the official example distribution), but hopefully you can take a look at 
the sources and get some inspiration from it:
https://github.com/keycloak/keycloak/tree/master/examples/broker/twitter-authentication

Btw. I would first try to get a working setup locally and then move to 
AWS later, just to rule out AWS as the thing that is causing the 
issues here.

Marek

On 16/05/16 19:41, Brooks Isoldi wrote:
> Hi all,
>
> I'm having trouble getting access to the oauth tokens that should be 
> returned from the user authenticating with Twitter via the Keycloak 
> login page.
>
> FYI, this is cross-posted on SO 
> (http://stackoverflow.com/questions/37257623/accessing-user-oauth-tokens-returned-by-keycloak).
>
> -----
> I have a Keycloak (standalone) v1.9.4.Final install set up using 
> Wildfly 10 on an AWS instance and am trying to use Keycloak (via 
> Keycloak's login page) and Twitter4j to authenticate a user with 
> Twitter and then obviously have my application authenticate and view 
> the user's timeline, etc.
>
> I have configured the Identity Provider (Twitter), the realm and my 
> client application.
>
> I also have a Twitter application set up at apps.twitter.com and the 
> keys put into my twitter4j.properties file.
>
> So far, I am able to:
>
>  1. Go to my application's JSF webpage and get redirected to
>     Keycloak's /auth login page
>  2. Click the Twitter logo and login with my Twitter account (separate
>     account from the account that owns the Twitter application)
>  3. Complete the user information that Keycloak asks for
>  4. After completing the user information, Keycloak successfully
>     directs the user back to the client application (in this case, a
>     JSF page).
>
> The problem is, I can't figure out how to get access to the user's 
> OAuth AccessToken and AccessTokenSecret to combine with the Twitter 
> application's ConsumerKey and ConsumerKeySecret.
>
> I'm trying to get the tokens from the FacesContext, but I suspect that 
> context would not have it.
>
>     HttpSession httpSession =
>         (HttpSession) facesContext.getExternalContext().getSession(false);
>     KeycloakSecurityContext keycloakContext =
>         (RefreshableKeycloakSecurityContext) httpSession.getAttribute(KeycloakSecurityContext.class.getName());
>
> -----
>
> Taking a page from the twitter broker demo, we used the 
> KeyCloakSecurityContext held in the FacesContext's HTTPSession to get 
> the Bearer token, dropped the demo's TwitterOAuthResponse class into 
> our project and made a REST call to the realm's twitter token endpoint 
> using the, but then we got a permission denied saying the client did 
> not have access to the identity provider's token.
>
> Any help would be greatly appreciated!
>
>
> -- 
> Brooks Isoldi, Software Developer
>
> Traversed
> 7164 Columbia Gateway Drive, Suite 120A
> Columbia, MD 21046
>
>
>
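
Added example, not part of the original thread: besides "Store tokens", Keycloak only serves a stored identity-provider token to a caller whose access token carries the read-token role of the built-in broker client, so a missing role is one cause of the denial described above. The script below decodes a token payload and checks for that role before the broker endpoint is called; the host, the realm name "demo", the alias "twitter" and the sample tokens are constructed assumptions.

```python
import base64
import json

BROKER_CLIENT = "broker"        # Keycloak's built-in client guarding stored IdP tokens
READ_TOKEN_ROLE = "read-token"  # role the bearer token must carry


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def can_read_broker_token(claims):
    """True if the token carries the broker client's read-token role."""
    access = claims.get("resource_access") or {}
    roles = (access.get(BROKER_CLIENT) or {}).get("roles") or []
    return READ_TOKEN_ROLE in roles


def broker_token_url(base_url, realm, provider_alias):
    """Endpoint that returns the token stored for the logged-in user."""
    return "{}/realms/{}/broker/{}/token".format(base_url.rstrip("/"), realm, provider_alias)


def diagnose(token, base_url, realm, provider_alias):
    url = broker_token_url(base_url, realm, provider_alias)
    if not can_read_broker_token(jwt_claims(token)):
        return "403 expected from {}: token lacks {}/{}".format(url, BROKER_CLIENT, READ_TOKEN_ROLE)
    return "role present: GET {} with the bearer token".format(url)


def constructed_token(claims):
    """Build an unsigned sample token (constructed test data, not a real one)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    base = "https://sso.example.test/auth"  # placeholder host (assumption)
    for claims in ({"resource_access": {"account": {"roles": ["view-profile"]}}},
                   {"resource_access": {"broker": {"roles": ["read-token"]}}}):
        print(diagnose(constructed_token(claims), base, "demo", "twitter"))
```

Grant read-token only to the users or clients that really need the external token: the endpoint hands back the user's Twitter access token and secret.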
