<div dir="ltr"><div class="" id="magicdomid34">Hey <span style="font-family:arial,sans-serif;font-size:12.8000001907349px">Sagar,</span></div><div class="" id="magicdomid22"><br></div><div class="" id="magicdomid61"><span class="">In AeroGear Android[1] land we have the same</span><span class=""> need</span><span class=""> to integrate with KeyCloak using OAuth2[2]. We are modularizing our library so keep in touch for the new Authz lib/module[3]. </span></div><div class="" id="magicdomid9"><br></div><div class="" id="magicdomid73"><span class="">In related news we</span><span class="">'re</span><span class=""> </span><span class="">planning</span><span class=""> to add Android Integration with KeyCloak using Android Account Manager[4] like we did in this PoC[5]</span><span class="">[6]</span><span class="">. We have more information about that in this thread[</span><span class="">7</span><span class="">]</span></div><div class="" id="magicdomid13"><br></div><div class="" id="magicdomid40"><span class="">[1] </span><span class=""><a href="http://github.com/aerogear/aerogear-android">http://github.com/aerogear/aerogear-android</a></span></div><div class="" id="magicdomid45"><span class="">[2] </span><span class=""><a href="http://aerogear.org/docs/guides/aerogear-android/authz/">http://aerogear.org/docs/guides/aerogear-android/authz/</a></span></div><div class="" id="magicdomid51"><span class="">[3] </span><span class=""><a href="https://github.com/aerogear/aerogear-android-authz">https://github.com/aerogear/aerogear-android-authz</a></span></div><div class="" id="magicdomid52"><span class="">[4] </span><span class=""><a href="http://developer.android.com/reference/android/accounts/AccountManager.html">http://developer.android.com/reference/android/accounts/AccountManager.html</a></span></div><div class="" id="magicdomid75"><span class="">[5] </span><span class=""><a 
href="https://plus.google.com/+SummersPittman/posts/WSFbdodMsej">https://plus.google.com/+SummersPittman/posts/WSFbdodMsej</a></span></div><div class="" id="magicdomid81"><span class="">[6] </span><span class=""><a href="https://github.com/secondsun/keycloak-android-authenticator">https://github.com/secondsun/keycloak-android-authenticator</a></span></div><div class="" id="magicdomid74"><span class="">[</span><span class="">7</span><span class="">] </span><span class=""><a href="http://lists.jboss.org/pipermail/keycloak-dev/2014-September/002589.html">http://lists.jboss.org/pipermail/keycloak-dev/2014-September/002589.html</a></span></div><div class="" id="magicdomid74"><br></div><div class="" id="magicdomid74">-- Passos</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 25, 2014 at 12:36 PM, Corinne Krych <span dir="ltr"><<a href="mailto:corinnekrych@gmail.com" target="_blank">corinnekrych@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hello Sagar,<br>
<br>
For Keycloak OAuth2, AeroGear provides an SDK; we have both Obj-C and Swift, although the latest features go in the Swift version.<br>
<br>
1. AeroGear-iOS 1.6 targets obj-c code [1] with its associated test repo [2], [2bis]<br>
<br>
2. AeroGear 2.0 is modularized and based on Swift:<br>
aerogear-ios-http [3]<br>
aerogear-ios-oauth2 [4]<br>
Here you can find an interesting, simple access/refresh/revoke example:<br>
aerogear-ios-cookbook [5]<br>
aerogear-backend-cookbook [6]<br>
Note that 2.0 is on its way and should be released in early October.<br>
The http module (aerogear-ios-http coupled with aerogear-ios-oauth2) takes care of implicitly refreshing tokens for you.<br>
<br>
Some blog posts [7]. I’m actually going to write an update blog post for Swift version.<br>
Some links to go through.. Feedback welcome.<br>
<br>
++<br>
Corinne<br>
iOS AeroGear<br>
[1] <a href="https://github.com/aerogear/aerogear-ios" target="_blank">https://github.com/aerogear/aerogear-ios</a><br>
[2] <a href="https://github.com/aerogear/aerogear-ios-cookbook/tree/master/ProductInventory" target="_blank">https://github.com/aerogear/aerogear-ios-cookbook/tree/master/ProductInventory</a><br>
[2bis] <a href="https://github.com/aerogear/aerogear-integration-tests-server#oauth2-with-keycloak" target="_blank">https://github.com/aerogear/aerogear-integration-tests-server#oauth2-with-keycloak</a><br>
[3] <a href="https://github.com/aerogear/aerogear-ios-http" target="_blank">https://github.com/aerogear/aerogear-ios-http</a><br>
[4] <a href="https://github.com/aerogear/aerogear-ios-oauth2" target="_blank">https://github.com/aerogear/aerogear-ios-oauth2</a><br>
[5] <a href="https://github.com/aerogear/aerogear-ios-cookbook/tree/swift/ProductInventory" target="_blank">https://github.com/aerogear/aerogear-ios-cookbook/tree/swift/ProductInventory</a><br>
[6] <a href="https://github.com/corinnekrych/aerogear-backend-cookbook/tree/master/ProductInventory" target="_blank">https://github.com/corinnekrych/aerogear-backend-cookbook/tree/master/ProductInventory</a><br>
[7] <a href="http://corinnekrych.blogspot.fr/search/label/OAuth2" target="_blank">http://corinnekrych.blogspot.fr/search/label/OAuth2</a><br>
<div class=""><div class="h5"><br>
On 25 Sep 2014, at 15:32, Bill Burke <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>> wrote:<br>
<br>
> Sagar, I'm moving this to keycloak-dev list. See comments inline<br>
><br>
> On 9/25/2014 6:53 AM, Sagar Zond wrote:<br>
>> Hi,<br>
>><br>
>> We are planning to use Keycloak as the OAuth authorization server for our<br>
>> API platform. Our understanding of Keycloak and OAuth is not very clear,<br>
>> so we need your help to properly utilize Keycloak features.<br>
>><br>
>> Just to introduce ourselves, we are a start-up firm creating products<br>
>> for the health care domain. In our architecture we will have multiple REST<br>
>> API servers and multiple types of clients, like mobile, web and a publicly<br>
>> exposed API. Keycloak can be used as the authentication and authorization<br>
>> server. We have already gone through most of the Keycloak tutorials.<br>
>><br>
>> Here are a few points on which we need answers -<br>
>><br>
>> 1. The API platform will be registered as an application server on Keycloak and<br>
>> clients (mobile app, web app or other app) will be authorized by<br>
>> Keycloak as per the defined role. Is this a proper use case of Keycloak?<br>
>><br>
><br>
> You'll have to elaborate. I don't know exactly what you are saying.<br>
> Your REST API server would be registered as a Keycloak "Application".<br>
> You can define roles per "Application" or at the Realm level (global roles).<br>
><br>
>> 2. How do we integrate OAuth into a mobile app? Where can we write the token<br>
>> refresh logic?<br>
>><br>
><br>
> You can start off by defining a public "OAuth Client" per mobile app.<br>
> You can use the direct grant REST API to obtain a token, or use mobile<br>
> redirects to log in through the mobile's browser. I believe the AeroGear<br>
> project is doing some work around Keycloak iOS and Android clients, but<br>
> you'd have to ping them.<br>
><br>
>> 3. How can we add more fields in the session? E.g. if we want to add more<br>
>> tokens in the header which may contain some extra application-specific<br>
>> encrypted data.<br>
>><br>
><br>
> Not sure what you mean. We don't have a nice way of adding claims to<br>
> the token at the moment.<br>
><br>
>> 4. We are currently using OpenDS LDAP for authentication and we already<br>
>> have a number of registered users who are currently using the API. So we need<br>
>> Keycloak to be configured for OpenDS, so please suggest how to<br>
>> integrate OpenDS with Keycloak.<br>
>><br>
><br>
> We have LDAP integration:<br>
><br>
> <a href="http://docs.jboss.org/keycloak/docs/1.0.1.Final/userguide/html/user_federation.html#d4e1263" target="_blank">http://docs.jboss.org/keycloak/docs/1.0.1.Final/userguide/html/user_federation.html#d4e1263</a><br>
><br>
><br>
><br>
> --<br>
> Bill Burke<br>
> JBoss, a division of Red Hat<br>
> <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
> _______________________________________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
<br>
<br>
</div></div></blockquote></div><br></div></div>