[keycloak-dev] Keycloak.js - allow to provide custom adapters

Thu Mar 8 11:39:48 EST 2018

> Adding a way to pass in a custom adapter would be fine to add.

Thank you so much for that! This will help with so many issues and will
allow community (like myself) to experiment with different platforms like
ReactNative.

I created PR to show what I mean:
https://github.com/keycloak/keycloak/pull/5067

Change is really small and do not affect any current api.
I'm just adding additional option to library that could be available for
advanced use cases.
I'm happy to do further improvements in this area, but that PR will be
resolving main extensibility problem.

>  However, what is it that you actually want? To extend the Cordova
support to also be able to use the native browser (i.e. custom tabs on
Android, https://openid.github.io/AppAuth-Android/)?

Idea is to be able to use keycloak.js adapter and configure it to match
some security recommendations for mobile devices.
The main thing is to avoid using hardcoded localhost url in redirects and
to be able to redirects with protocol that will launch the application:

https://github.com/keycloak/keycloak-js-bower/blob/master/dist/keycloak.js#L1056
could use `yourapp://...` protocol instead.

This requires some additional setup and may not be suitable to be done
directly in the keycloak.js adapter.
Having this option will be good to produce ultra secure Cordova application
template and work with other mobile cross platform tools that keycloak team
do not need to care about.

>  If so that's something we would like to have directly.

Happy to contribute that change, but this will mean that setup for Cordova
will become more complex (additional plugins will be needed)
This will involve much more documentation updates and I was worried if I
will suggest that option it could be really hard to get that merged.
I would say this could be phase 2 of this work where actual adapters will
be available outside keycloak.js class and then they could be passed to
constructor.
Every adapter will require different arguments or even external plugins
(for Cordova etc.) and could have dedicated chapter in documentation.

To implement that for Cordova adapter an app identifier URL would also need
to be defined.
This will be used to perform redirects back to yourapp:// namespaces,
rather than just URL's.

Regards

On Thu, Mar 8, 2018 at 7:51 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Adding a way to pass in a custom adapter would be fine to add. I think
> this is already supported though, but need to check code to confirm that
> (I'm travelling right now so can't do it now).
>
> However, what is it that you actually want? To extend the Cordova support
> to also be able to use the native browser (i.e. custom tabs on Android,
> https://openid.github.io/AppAuth-Android/)? If so that's something we
> would like to have directly.
>
> On 5 March 2018 at 15:25, Wojciech Trocki <wtr at redhat.com> wrote:
>
>> Hi
>>
>> I have been using keycloak.js for more than year mainly with the mobile
>> applications (Cordova).
>> Library is pretty well designed however there are some minor limitations
>> in
>> terms of what adapters could do.
>>
>> >From my point of view javascript library is missing ability to provide
>> some
>> custom implementations for adapters.
>> Additionally implementations are provided as objects so it's hard to see
>> and conform this undocumented interface.
>> I'm happy to contribute any changes that will make sense upstream.
>>
>> I have created issue to cover exact use case where this is needed:
>> https://issues.jboss.org/browse/KEYCLOAK-6798
>>
>> Adding this functionality will also make it trivial to implement support
>> for different mobile platforms like ReactNative etc.
>>
>> Regards
>> Wojtek
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>

-- 

WOJCIECH TROCKI

Red Hat Mobile <https://www.redhat.com/>

IM: wtrocki
<https://red.ht/sig>