<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi all,<br>
<br>
I'm having trouble getting access to the OAuth tokens that should be
returned from the user authenticating with Twitter via the Keycloak
login page.<br>
<br>
FYI, this is cross-posted on SO
(<a class="moz-txt-link-freetext" href="http://stackoverflow.com/questions/37257623/accessing-user-oauth-tokens-returned-by-keycloak">http://stackoverflow.com/questions/37257623/accessing-user-oauth-tokens-returned-by-keycloak</a>).<br>
<br>
<p>-----<br>
I have a Keycloak (standalone) v1.9.4.Final install set up using
WildFly 10 on an AWS instance and am trying to use Keycloak (via
Keycloak's login page) and Twitter4j to authenticate a user with
Twitter and then obviously have my application authenticate and
view the user's timeline, etc.</p>
<p>I have configured the Identity Provider (Twitter), the realm and
my client application.</p>
<p>I also have a Twitter application set up at apps.twitter.com and
the keys put into my twitter4j.properties file.</p>
<p>So far, I am able to:</p>
<ol>
<li>Go to my application's JSF webpage and get redirected to
Keycloak's /auth login page</li>
<li>Click the Twitter logo and log in with my Twitter account
(separate account from the account that owns the Twitter
application)</li>
<li>Complete the user information that Keycloak asks for</li>
<li>After completing the user information, Keycloak successfully
directs the user back to the client application (in this case, a
JSF page).</li>
</ol>
<p>The problem is, I can't figure out how to get access to the user's
OAuth AccessToken and AccessTokenSecret to combine with the
Twitter application's ConsumerKey and ConsumerKeySecret.</p>
I'm trying to get the tokens from the FacesContext, but I suspect
that context would not have it.<br>
<br>
<pre style="" class="default prettyprint prettyprinted"><code>HttpSession httpSession = (HttpSession) facesContext.getExternalContext().getSession(false);
KeycloakSecurityContext keycloakContext = (RefreshableKeycloakSecurityContext) httpSession.getAttribute(KeycloakSecurityContext.class.getName());
</code></pre>
-------<br>
Taking a page from the Twitter broker demo, we used the
KeycloakSecurityContext held in the FacesContext's HttpSession to
get the Bearer token, dropped the demo's TwitterOAuthResponse class
into our project and made a REST call to the realm's Twitter token
endpoint using the, but then we got a permission denied, saying the
client did not have access to the identity provider's token.<br>
<br>
Any help would be greatly appreciated!<br>
<br>
<br>
<pre wrap="">--
Brooks Isoldi, Software Developer
Traversed
7164 Columbia Gateway Drive, Suite 120A
Columbia, MD 21046</pre>
<br>
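<p>The REST call described in the message above, written out as an added example that is not part of the original post or of the Keycloak demo. The class name <code>BrokerTokenClient</code>, the constructor arguments and the timeouts are assumptions; the request goes to the realm's broker token endpoint with the session's Bearer token, and a non-200 reply is surfaced with its status and body so a permission error can be read directly.</p>

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;

public class BrokerTokenClient {
    // Assumed placeholders: server base URL (ending in /auth), realm name, provider alias.
    private final String authServerUrl;
    private final String realm;
    private final String providerAlias;

    public BrokerTokenClient(String authServerUrl, String realm, String providerAlias) {
        this.authServerUrl = authServerUrl;
        this.realm = realm;
        this.providerAlias = providerAlias;
    }

    /** Returns the raw response body on HTTP 200; otherwise throws with status and error body. */
    public String fetchStoredToken(String bearerToken) throws IOException {
        URL url = new URL(authServerUrl + "/realms/" + enc(realm)
                + "/broker/" + enc(providerAlias) + "/token");
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        try {
            conn.setRequestMethod("GET");
            conn.setRequestProperty("Authorization", "Bearer " + bearerToken);
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            int status = conn.getResponseCode();
            if (status == HttpURLConnection.HTTP_OK) {
                return read(conn.getInputStream());
            }
            // Keep the server's reason for the refusal; the bearer token itself is never logged.
            throw new IOException("Broker token request failed: HTTP " + status
                    + " " + read(conn.getErrorStream()));
        } finally {
            conn.disconnect();
        }
    }

    private static String enc(String s) throws IOException {
        return URLEncoder.encode(s, "UTF-8").replace("+", "%20");
    }

    private static String read(InputStream in) throws IOException {
        if (in == null) return "";
        try (InputStream src = in) {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[4096];
            int n;
            while ((n = src.read(buf)) != -1) out.write(buf, 0, n);
            return out.toString("UTF-8");
        }
    }
}
```

<p>The Bearer token argument is the value of <code>keycloakContext.getTokenString()</code> from the snippet in the message.</p>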
</body>
</html>