<div dir="ltr">I am wondering how you do that. I know that there is a state parameter that is added to the Facebook login URL, but I could just make an initial request to Keycloak to copy that, or did I understand something wrong?<br></div><div class="gmail_extra"><br><div class="gmail_quote">2014-12-03 9:22 GMT+01:00 Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It's code that is currently changing as we're working on adding enterprise IdPs as well as the social IdPs we have at the moment.<br>
<br>
I think the correct approach would be to use the direct grant API, which currently lets you exchange a username + password for a Keycloak token; we could add an option here to pass in a token from an external IdP to exchange for an internal Keycloak token. If you're interested in looking at the code, look at OpenIDConnectService.grantAccessToken.<br>
<br>
There's no work-around that you can do due to security restrictions in Keycloak. Keycloak makes sure that the callback can only be called if it indeed made the original request.<br>
<span class=""><br>
----- Original Message -----<br>
> From: "Christian Beikov" <<a href="mailto:christian.beikov@gmail.com">christian.beikov@gmail.com</a>><br>
</span><div><div class="h5">> To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> Sent: Wednesday, 3 December, 2014 9:11:55 AM<br>
> Subject: Re: [keycloak-dev] Login with Access Token<br>
><br>
> Thanks for the quick answer. Could you maybe give me a hint on how I could<br>
> implement that in a quick-and-dirty way? Could I maybe do some iframe magic<br>
> in a hidden webview to do the login? I am not quite sure how the social<br>
> login works exactly. Facebook will redirect me back to the social callback<br>
> address after a login, but how does Keycloak actually retrieve that access<br>
> token? If I knew that, I could maybe create a workaround for now and maybe<br>
> also contribute something? :)<br>
><br>
> 2014-12-03 8:48 GMT+01:00 Stian Thorgersen <<a href="mailto:stian@redhat.com">stian@redhat.com</a>>:<br>
><br>
> ><br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Christian Beikov" <<a href="mailto:christian.beikov@gmail.com">christian.beikov@gmail.com</a>><br>
> > > To: <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> > > Sent: Tuesday, 2 December, 2014 6:58:42 PM<br>
> > > Subject: [keycloak-dev] Login with Access Token<br>
> > ><br>
> > > Hello!<br>
> > ><br>
> > > I am new to OAuth so sorry if my question is dumb.<br>
> > > I have an App which wants to provide a custom and Facebook login. Since<br>
> > many<br>
> > > people already have the Facebook App installed, I thought it might be<br>
> > better<br>
> > > to give them the native experience and use the Facebook SDK to implement<br>
> > the<br>
> > > login.<br>
> > > The problem now is, that I have the Access Token from the successful<br>
> > Facebook<br>
> > > login, but don't know how to properly log in at the Keycloak server with<br>
> > > that.<br>
> > ><br>
> > > Any ideas on how to do that? Or is that even stupid and is there a better<br>
> > > way?<br>
> ><br>
> > Not at all a dumb question and we actually had someone else ask the same<br>
> > last week.<br>
> ><br>
> > Currently, Keycloak does not support this flow, but it is something we may<br>
> > consider adding.<br>
> ><br>
> > > --<br>
> > ><br>
> > > Kind regards,<br>
> > ><br>
> > > Christian Beikov<br>
> > ><br>
> > > _______________________________________________<br>
> > > keycloak-dev mailing list<br>
> > > <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
> ><br>
><br>
><br>
><br>
> --<br>
><br>
> Kind regards,<br>
><br>
><br>
</div></div>> *Christian Beikov*<br>
> Blazebit Design & Developing<br>
> <a href="http://www.blazebit.com" target="_blank">http://www.blazebit.com</a><br>
><br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><br>Kind regards,<br><br><b>Christian Beikov<br></b>Blazebit Design & Developing<br><a href="http://www.blazebit.com" target="_blank">http://www.blazebit.com</a></div></div>
</div>
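<div dir="ltr">Added example, not part of the original thread and not Keycloak's code: a generic sketch of how a server can bind the OAuth state value to the browser session that started the login, so that the callback is honoured only for a request the server itself initiated. The function names, the in-memory store and the TTL value are assumptions made for illustration.</div>

```python
import hmac
import secrets
import time

# Hypothetical names throughout; a generic illustration of OAuth "state"
# binding, not Keycloak's implementation.
STATE_TTL = 300   # seconds a pending login stays valid (assumed value)
_pending = {}     # session_id -> (state, issued_at); a real server would use its session store


def begin_login(session_id, now=None):
    """Create the state value that goes into the redirect URL to the external IdP."""
    state = secrets.token_urlsafe(32)   # unguessable, fresh for every login attempt
    issued_at = time.time() if now is None else now
    _pending[session_id] = (state, issued_at)
    return state


def handle_callback(session_id, state, now=None):
    """Decide whether an IdP callback belongs to a login this session started."""
    # pop() makes the state single use and fails closed: any callback,
    # valid or not, consumes the pending login for this session.
    entry = _pending.pop(session_id, None)
    if entry is None:
        return "rejected: no login pending for this session"
    expected, issued_at = entry
    now = time.time() if now is None else now
    if now - issued_at > STATE_TTL:
        return "rejected: expired"
    # Constant-time comparison avoids leaking how much of the value matched.
    if not hmac.compare_digest(expected.encode(), state.encode()):
        return "rejected: state mismatch"
    return "accepted"


if __name__ == "__main__":
    # Constructed sessions: the state issued to sess-A is useless in sess-B.
    s = begin_login("sess-A")
    print(handle_callback("sess-B", s))   # other session: rejected
    print(handle_callback("sess-A", s))   # originating session: accepted
    print(handle_callback("sess-A", s))   # replay of a consumed state: rejected
```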