<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Looks like you’re close. Did you make your Android client (in Keycloak) public or private? There’s a slight difference in how the code to token request is invoked depending on this.<div class=""><br class=""></div><div class="">Private client’s must authenticate to the token endpoint with HTTP basic authentication, public clients set the client ID as a form parameter.<br class=""><div class=""><br class=""></div><div class="">See: <a href="https://github.com/keycloak/keycloak/blob/1.7.x/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientIdAndSecretCredentialsProvider.java#L38" class="">https://github.com/keycloak/keycloak/blob/1.7.x/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientIdAndSecretCredentialsProvider.java#L38</a></div><div class="">See: <a href="https://github.com/keycloak/keycloak/blob/1.7.x/integration/admin-client/src/main/java/org/keycloak/admin/client/token/TokenManager.java#L51" class="">https://github.com/keycloak/keycloak/blob/1.7.x/integration/admin-client/src/main/java/org/keycloak/admin/client/token/TokenManager.java#L51</a></div><div class=""><br class=""></div><div class=""><br class=""><div class="">
<div class="">Scott Rossillo</div><div class="">Smartling | Senior Software Engineer</div><div class=""><a href="mailto:srossillo@smartling.com" class="">srossillo@smartling.com</a></div><div class=""><br class=""></div><div class=""><a href="https://app.sigstr.com/uc/55e5d41c6533390d03580000" id="campaignblock" target="_blank" style="box-sizing: border-box; color: rgb(0, 75, 118); outline-offset: -2px; font-family: gesta, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; widows: 1; background-color: rgb(255, 255, 255); outline: 0px !important;" class=""><img alt="Latest News + Events" border="0" src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/img" style="box-sizing: border-box; border: 0px; vertical-align: top; max-width: 100%; height: auto; width: inherit; color: blue; font-family: Helvetica; font-size: 12px;" class=""></a><span style="color: rgb(169, 169, 169); font-family: gesta, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; widows: 1; background-color: rgb(255, 255, 255);" class=""></span><div id="watermark" style="box-sizing: border-box; color: rgb(169, 169, 169); font-family: gesta, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; widows: 1; background-color: rgb(255, 255, 255);" class=""><a href="http://www.sigstr.com/" style="box-sizing: border-box; color: rgb(0, 124, 194); text-decoration: none; background-color: transparent; outline: 0px !important;" class=""><img alt="Powered by Sigstr" border="0" src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/watermark" style="box-sizing: border-box; border: 0px; vertical-align: top; max-width: 100%; height: auto; width: inherit; color: rgb(99, 99, 99); font-family: Helvetica; font-size: 11px;" class=""></a></div></div>
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Jan 13, 2016, at 12:20 PM, Aritz Maeztu <<a href="mailto:amaeztu@tesicnor.com" class="">amaeztu@tesicnor.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="content-type" content="text/html; charset=windows-1252" class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
Hello everybody,<br class="">
<br class="">
I'm struggling to implement a keycloak login from my Android app.
What I want to do is to simulate what a browser does (request a
resource, be redirected to keycloak login page and get an access
token later on). From what I've seen from the OAuth2 protocol, I
need to firstly get the authorization code and later on request the
access token with that code. I wouldn't like my Android app to be
registered as a client itself, so I've registered my web service as
public.<br class="">
<br class="">
Here I start the intent to launch the Android browser pointing to
the keycloak authorization address (/openid-connect/auth):<br class="">
<br class="">
Intent i = new Intent(Intent.ACTION_VIEW,
Uri.parse(<a class="moz-txt-link-rfc2396E" href="http://192.168.0.230:8080/auth/realms/master/protocol/">"http://192.168.0.230:8080/auth/realms/master/protocol/"</a> +<br class="">
"openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=<a href="android://app" class="">android://app</a>"));<br class="">
startActivity(i);<br class="">
<br class="">
When I enter the credentials successfully, I'm given a code in the
redirection url, coming back to my app:<br class="">
<br class="">
Uri data = getIntent().getData();<br class="">
if (data != null) {<br class="">
String accessCode= data.getQueryParameter("code");<br class="">
System.out.println("Authorization code:" + accessCode);<br class="">
}<br class="">
<br class="">
The code looks like
bC8OM0TwfbhYouM34M3RY2aZRYTywXZVAvKFABgvVRc.693363de-d6b5-4f88-b545-c6603023ee4c<br class="">
<br class="">
Then I would like to get an access token with that code! I use a
Rest Template for that, making a POST request to the
/openid-connect/token endpoint:<br class="">
<br class="">
ResponseEntity rssResponse = template.exchange(<br class="">
<a class="moz-txt-link-rfc2396E" href="http://192.168.0.230:8080/auth/realms/master/protocol/">"http://192.168.0.230:8080/auth/realms/master/protocol/"</a> +<br class="">
"openid-connect/token?grant_type=authoritation_code&client_id=web_service&code="+accessCode,<br class="">
HttpMethod.POST,<br class="">
null,<br class="">
Object.class);<br class="">
<br class="">
However, I'm given a 401 unauthorized exception. What am I doing
wrong? Thanks in advanced ;-)<br class="">
<br class="">
<div class="moz-signature">-- <br class="">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252" class="">
<div class="moz-signature">
<table style="cellspadding: 0; width: 600; align: left;
border-collapse: collapse;" class="">
<tbody class="">
<tr class="">
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898;" class=""> <span style="font-weight:bold" class="">Aritz Maeztu Otaño</span><br class="">
<span style="font-size: 12px;" class="">Departamento Desarrollo
de Software</span> </td>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898; padding-left:
20px;" class=""> <a target="_blank" href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES" class="">
<span id="cid:part1.06000508.08070803@tesicnor.com"><linkdin.gif></span>
<!--<img src="linkdin.gif" border="0" />--> </a> </td>
</tr>
<tr class="">
<td class=""> <a target="_blank" href="http://www.tesicnor.com/" class=""> <span id="cid:part3.04060608.00070409@tesicnor.com"><logo.png></span>
<!--<img shrinktofit="true" src="logo.png" width="143" border="0" />-->
</a> </td>
<td style="font-size: 12px;" class=""><p style="padding-left: 20px;" class=""> <span class="">Pol. Ind.
Mocholi.</span> <span class="">C/Rio Elorz, Nave 13E </span><span style="font-weight:bold" class="">31110 Noain (Navarra)</span><br class="">
<span class="">Telf.: 948 21 40 40</span> <br class="">
<span class="">Fax.: 948 21 40 41</span> <br class="">
</p>
</td>
</tr>
<tr class="">
<td colspan="2" class=""> <span style="color: #009900;font-size:
12px;" class="">Antes de imprimir este e-mail piense bien si es
necesario hacerlo: El medioambiente es cosa de todos.</span>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
_______________________________________________<br class="">keycloak-user mailing list<br class=""><a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</div></blockquote></div><br class=""></div></div></body></html>