[keycloak-user] Keycloak and desktop
stian at redhat.com
Wed Jun 10 03:28:06 EDT 2015
----- Original Message -----
> From: "Alik Kurdyukov" <akurdyukov at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Friday, 5 June, 2015 3:35:13 PM
> Subject: [keycloak-user] Keycloak and desktop
> I have a little question on integrating desktop application with Keycloak. I
> 1. Desktop application that is a client to (1) a non-web server application
> and (2) a web server application
> 2. Non-web server application
> 3. Web application that is a Keycloak client
> 4. Keycloak server
> I want to ask user to auth once with Keycloak (using native WPF window) and
> use token of some kind for both servers.
> The questions are
> 1. What API should desktop application use to auth user with Keycloak?
> (maybe, I need to read keycloak.js code?)
Look at the customer-app-cli and https://github.com/keycloak/keycloak/blob/master/integration/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java
KeycloakInstalled uses the desktop browser, but you should be able to easily modify it to use a native WPF window.
> 2. What API should non-web server use to verify token?
You can use org.keycloak.RSATokenVerifier from keycloak-core.
> 3. Can I use bearer token with keycloak client that has access type
> ‘confidential', not ‘bearer only’?
Not sure what you mean about this question, but the intention is that a 'confidential' client is an app that initiates a login, while the 'bearer only' is a service that verifies the token. In your case the desktop app would be a confidential client (or a public if the app is publicly available as you can't keep the client secret private in that case) and the non-web server aka services would be a 'bearer only'.
> Thank you for your work :)
> Best regards,
> Alik Kurdyukov
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
More information about the keycloak-user