[keycloak-user] Authorization code flow without a browser

Aikeaguinea aikeaguinea at xsmail.com
Wed Apr 27 12:46:05 EDT 2016 

Yes, we could do this -- my impression though was that the auth code
flow is considered more secure. (I admit I'm not entirely sure how the
Keycloak implicit grant flow differs from direct access grants --
whenever I look at OAuth documentation it just mentions the explicit and
implicit flows.)  

On Wed, Apr 27, 2016, at 12:14 PM, Bill Burke wrote:
> Ues direct grants?
> 
> On 4/27/2016 11:17 AM, Aikeaguinea wrote:
> > As I understand it, using the authorization code flow rather than the
> > implicit flow is recommended where possible.
> >
> > We have a server-side client application, but the user agents making
> > requests are not browsers, but instead our own code.
> >
> > I'm not entirely sure how to make the authorization code flow work
> > without a browser. For instance, if on the command line I request
> >
> > curl
> > 'http://host:port/auth/realms/foo/protocol/openid-connect/auth?response_type=code&client_id=test-client&state=state&redirect_uri=http://www.example.com/hello-world'
> >
> > Then (assuming the parameters are correct) I get back an HTML login page
> > with a form. In order to submit the credentials, I would need to dig the
> > URL out of the action of the form and then submit a request like
> >
> > curl -X POST -d 'username=test-user' -d 'password=test1234'
> > 'http://host:port/auth/realms/foo/login-actions/authenticate?code=Ctr79aRsbwPPkC4nEeT2vR9-TuC31uuXngQXoHQH6FE.ef26cfcd-a35b-4d1e-a4f7-49790f6e2f00&execution=a86f56da-9900-4f1d-a461-f18617a2333b'
> >
> > Three questions:
> > 1. Is there some reason I shouldn't be trying to implement the
> > authorization code flow like this?
> >
> > 2. Is there a way to get the proper login action back without having to
> > dig it out of an HTML form? I've tried adding --header "Accept:
> > application/json" to the command but this has no effect.
> >
> > 3. Is there a way of submitting credentials other than by using form
> > parameters? I've tried HTTP basic auth but it doesn't work for me.
> >
> 
> -- 
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


-- 
  Aikeaguinea
  aikeaguinea at xsmail.com

-- 
http://www.fastmail.com - Access all of your messages and folders
                          wherever you are

More information about the keycloak-user mailing list