[keycloak-user] Login to Keycloak using API and create KeycloakPrincipal object

Chris Savory chris.savory at edlogics.com
Mon Oct 10 09:30:13 EDT 2016


I actually had a similar question for our register user workflow. We are registering users on our site using our own custom registration form; in this flow we use the Admin client to create the user in Keycloak. Since the user just gave us their un/pw it doesn’t make sense for us to send them over to Keycloak to log in, but rather we would like to passively log them in either via the backend or via some AJAX call.

I know I can get a token if I do something like this, but I’m not sure if it’s going to drop all the right cookies back to the user’s browser to consider them logged in across all the clients:

curl -d "client_id=admin-cli" \
     -d "username=chris.savory at edlogics.com" \
     -d "password=password" \
     -d "grant_type=password" \
     "<domain>/auth/realms/<realm>/protocol/openid-connect/token"

--

On 10/10/16, 3:23 AM, "keycloak-user-bounces at lists.jboss.org on behalf of Stian Thorgersen" <keycloak-user-bounces at lists.jboss.org on behalf of sthorger at redhat.com> wrote:

    By using token directly I assume you mean exchanging username/password for
    a token directly. I'd strongly recommend against this and it's not
    something our adapters support directly.
    
    On 4 October 2016 at 15:36, Mariusz Chruscielewski - Info.nl <
    mariusz at info.nl> wrote:
    
    > Hi. We are using Keycloak Tomcat Adapter to secure our webapp. After we
    > access a protected resource we are redirected to Keycloak, and after login
    > we go back to our app. After that, we can get the KeycloakPrincipal object
    > from the web context (request).
    >
    > Is there a way to create / get this object without using Tomcat Adapter?
    > We want to make an API call (like
    > http://keycloak/auth/realms/vi/protocol/openid-connect/token) and get (or
    > create manually) this object using AccessTokenResponse (or any other
    > object we can get from the API).
    >
    > The ultimate goal is to log in to Keycloak like the adapter does, but
    > directly from Java, without any interaction from the user on Keycloak forms.
    >
    > Is it even possible?
    >
    > Kind Regards,
    >
    > Mariusz Chruscielewski
    >
    >
    >
    > _______________________________________________
    > keycloak-user mailing list
    > keycloak-user at lists.jboss.org
    > https://lists.jboss.org/mailman/listinfo/keycloak-user
    >