<div dir="ltr">Thanks Marek<div><br></div><div>I saw <a href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java#L54">here</a> app gains the accessToken, but did not see where this `/auth` api is implemented. I want to learn how to I do the same thing of exposing `/auth` api to generate tokens</div>
<div><br></div><div>I did not see anything in <a href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/pom.xml">pom.xml</a> either. seems like magic to me at the moment. Any guidance here?</div>
<div><br></div><div>Thanks</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jul 29, 2014 at 12:25 AM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi,<br>
<br>
the best is to start with documentation
<a href="http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/index.html" target="_blank">http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/index.html</a>
and also look at existing examples
<a href="https://github.com/keycloak/keycloak/tree/master/examples" target="_blank">https://github.com/keycloak/keycloak/tree/master/examples</a> .
Probably most useful for you might be
<a href="https://github.com/keycloak/keycloak/tree/master/examples/demo-template" target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/demo-template</a>
. It has restful application "database-service", where you can
send secured REST requests with the bearer token attached to them.
Other applications in the directory are web applications, which
obtain bearer token from the Keycloak login . Product-portal and
customer-portal are JEE applications secured by Keycloak itself,
third-party and third-party-cdi is more traditional OAuth where
token is used just to retrieve the secured data from
"database-service" . See the README for more info. <br>
<br>
Example for CORS support is here:
<a href="https://github.com/keycloak/keycloak/tree/master/examples/cors" target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/cors</a><br>
<br>
Marek<div><div class="h5"><br>
<br>
On 25.7.2014 23:04, Harit Himanshu wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr"><span style="font-family:arial,sans-serif;font-size:13px">Hey Team,</span>
<div style="font-family:arial,sans-serif;font-size:13px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:13px">I am
been looking for answer to <a href="http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis" target="_blank">http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis</a> and
found that keycloak is suitable for securing REST APIs using
OAuth 2.0.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:13px">I am
looking for example where the following is demonstrated</div>
<div style="font-family:arial,sans-serif;font-size:13px">
a.) Third-party app registers and gets Access Token</div>
<div style="font-family:arial,sans-serif;font-size:13px">b.)
Third-Party app accesses Resource Server to access protected
resource by sending Access Token to REST API</div>
<div style="font-family:arial,sans-serif;font-size:13px">c.) and
How Token is validated.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:13px">It is
mentioned in features of keycloak as </div>
<div style="font-family:arial,sans-serif;font-size:13px">
<ul style="margin:0px;padding:10px 0px 10px 15px;color:rgb(119,119,119);font-family:Helvetica,Arial,sans-serif;font-size:12px;line-height:18px">
<li style="margin-left:5px;list-style:none;padding:0px 0px 0px 20px;background:url(https://static.jboss.org/theme/images/magnolia/check-sprite.gif) 0px -124px no-repeat scroll transparent">OAuth Bearer
token auth for REST Services</li>
<li style="margin-left:5px;list-style:none;padding:0px 0px 0px 20px;background:url(https://static.jboss.org/theme/images/magnolia/check-sprite.gif) 0px -124px no-repeat scroll transparent"><span style="background-color:transparent">OAuth 2.0 Grant
requests</span></li>
<li style="margin-left:5px;list-style:none;padding:0px 0px 0px 20px;background:url(https://static.jboss.org/theme/images/magnolia/check-sprite.gif) 0px -124px no-repeat scroll transparent">CORS Support</li>
</ul>
</div>
<div style="font-family:arial,sans-serif;font-size:13px">
Can you please guide me through examples?</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:13px">Thank
you</div>
<div style="font-family:arial,sans-serif;font-size:13px">
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, Jul 25, 2014 at 2:00 PM, Harit
Himanshu <span dir="ltr"><<a href="mailto:harit.subscriptions@gmail.com" target="_blank">harit.subscriptions@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hey Team,
<div><br>
</div>
<div>I am been looking for answer to <a href="http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis" target="_blank">http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis</a>
and found that keycloak is suitable for securing REST
APIs using OAuth 2.0.</div>
<div><br>
</div>
<div>I am looking for example where the following is
demonstrated</div>
<div>a.) Third-party app registers and gets Access Token</div>
<div>b.) Third-Party app accesses Resource Server to
access protected resource by sending Access Token to
REST API</div>
<div>c.) and How Token is validated.</div>
<div><br>
</div>
<div><br>
</div>
<div>It is mentioned in features of keycloak as </div>
<div>
<ul style="margin:0px;padding:10px 0px 10px 15px;color:rgb(119,119,119);font-family:Helvetica,Arial,sans-serif;font-size:12px;line-height:18px">
<li style="list-style:none;margin-left:5px;padding:0px 0px 0px 20px;background:url(https://static.jboss.org/theme/images/magnolia/check-sprite.gif) 0px -124px no-repeat scroll transparent">OAuth
Bearer token auth for REST Services</li>
<li style="list-style:none;margin-left:5px;padding:0px 0px 0px 20px;background:url(https://static.jboss.org/theme/images/magnolia/check-sprite.gif) 0px -124px no-repeat scroll transparent"><span style="background-color:transparent">OAuth 2.0
Grant requests</span></li>
<li style="list-style:none;margin-left:5px;padding:0px 0px 0px 20px;background:url(https://static.jboss.org/theme/images/magnolia/check-sprite.gif) 0px -124px no-repeat scroll transparent">CORS
Support</li>
</ul>
</div>
<div>
Can you please guide me through examples?</div>
<div><br>
</div>
<div>Thank you</div>
<span><font color="#888888">
<div>+ Harit Himanshu</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
keycloak-dev mailing list
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>