[keycloak-user] Keycloak & API for users to create their own accounts (from iOS)
scott at morgiij.com
Wed Nov 16 15:06:10 EST 2016
I suspect this was too much to digest for most (which is fine) - and I’ve also learned to use plain text from now on. I’ve since been able to go a a different route with a service-protected client for the “Create Account” part.
The only question I have at the moment is how exactly to fold in/use Identity “Mappers”. Has anyone seen any documentation/examples of using these?
> On Nov 15, 2016, at 9:47 AM, Scott Corscadden <scott at morgiij.com> wrote:
> Hello everyone. Fairly new to the list and the Keycloak technology, so I appreciate your patience. I dislike cross-posting, so I have *not* added aerogear-users at lists.jboss.org <mailto:aerogear-users at lists.jboss.org>, but suspect I’ll need some input from that side as well. Corinne, I have added you as I suspect you’d be able to decide if I should CC it in. The background:
> I’d like to use a Keycloak (2.3.0) deployed instance to abstract user account management, including Facebook/Google/LinkedIn/etc Identity providers. I’ve been able to set up this instance & link it to Facebook without too much trouble; I can log into the keycloak website as a Facebook user. Nginx is being used as the SSL reverse proxy.
> The primary “client” is an iOS application, which needs to read graph information from said providers if available. I’ve been able to find a swift 3 fork of the wonderful "aerogear-ios-oauth2” library. A minor change to not assume the Bundle Id can be used as the redirectURL protocol (mine contains dots and dashes, which seems to cause the server to reject with “invalid redirect_url”) and hooray! I can authenticate against Facebook-into-keycloak, receive an Authorization Code, and “exchangeAuthorizationCodeForAccessToken” successfully.
> The two problems I am trying to solve (I’ve been trying to find documentation but may be miserably bad at finding it):
> Ideally I’m only asking keycloak for graph information (name, address, etc). Thus I *suspect* this is what the “Mappers” section is needed per Identity Provider? Is that right, or not necessary?
> The iOS app will have a native “Create account” screen with native Email & Password fields. I’d like to make either an Oauth2 call, or HTTPS POST call to keycloak to do that. I do see the “Create a new user <http://www.keycloak.org/docs/rest-api/index.html#_create_a_new_user>” link, but so far I only see a “temporary password” api. Obviously I could use a native WebView and fill the fields manually but that doesn’t feel quite right.
> Any suggestions here are very, very welcome, and thanks for reading this far.
> I’m very impressed so far with both keycloak and the aerogear Oauth2 library.
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
More information about the keycloak-user