<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Many thanks to all of you for the help. I'm so close to achieve it,
so I need some last tip (and think you can do even about not to have
mobile knowledge). That's the steps I've followed to authenticate a
user in a public client in the Android app:<br>
<br>
1- Launch a browser app pointing to keycloak's authorization site
for the client:<br>
<br>
Intent i = new Intent(Intent.ACTION_VIEW, Uri.parse(<a
class="moz-txt-link-rfc2396E"
href="http://192.168.0.230:8080/auth/realms/master/protocol/"><a class="moz-txt-link-rfc2396E" href="http://192.168.0.230:8080/auth/realms/master/protocol/">"http://192.168.0.230:8080/auth/realms/master/protocol/"</a></a>
+<br>
"openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=android://app"));<br>
startActivity(i);<br>
<br>
2- Retrieve the authorization code when coming back to my app and
ask for an access token:<br>
<br>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
RestTemplate template = new RestTemplate();<br>
template.getMessageConverters().add(new
FormHttpMessageConverter());<br>
template.getMessageConverters().add(new
MappingJackson2HttpMessageConverter());<br>
MultiValueMap<String, String> form = new
LinkedMultiValueMap<>();<br>
form.add("grant_type", "authorization_code");<br>
form.add("client_id", "edge");<br>
form.add("code", accessCode);<br>
form.add("redirect_uri", "tcheck://app");<br>
ResponseEntity rssResponse = template.postForEntity(<br>
<a class="moz-txt-link-rfc2396E" href="http://192.168.0.230:8080/auth/realms/master/protocol/openid-connect/token">"http://192.168.0.230:8080/auth/realms/master/protocol/openid-connect/token"</a>,<br>
form,<br>
AccessToken.class);<br>
<br>
I'm passing the parameters in the request body as
x-www-form-urlencoded and it works. I do get an access token, with
this format:<br>
<br>
{<br>
"access_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5OTEzYmRjOS1jZmI0LTRlZjAtYTcxYy0yYWUwYmQ3MTkwZDkiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJlZGdlIiwic2Vzc2lvbl9zdGF0ZSI6IjdkZDVhZDdiLWQwYWItNGZiYS1iOWNiLWYzNjYxYTk5NGU3OSIsImNsaWVudF9zZXNzaW9uIjoiZDg2MzY1NjctMzg2MS00NjU5LTg0ZjItMDZjYmM5YTI3YTU1IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlNVUEVSX0FETUlOIiwiY3JlYXRlLXJlYWxtIiwiVklFV19PUkdBTklaQVRJT04iLCJST0xFX1RDSEVDS19TVVBFUl9BRE1JTiIsIlJPTEVfVENIRUNLX0FETUlOIiwiYWRtaW4iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwidmlldy1ldmVudHMiLCJjcmVhdGUtY2xpZW50IiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGl
lbnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.GMoAPe9aUQBRign5J0TvOt4tg1SWwyfJkvJjuWDZ_Ayj3GBnFjhgbjb5qLreKsm87NHymPcpvCv7uHkKJRsx44TjC0514O0oBSiVIiKfcJdbE-y7nPplzYAJF6I2JlsQkw9Na67vNSvhsBNg6AfBop4xpAF9HtTU7Ca7gFwOS01bgDRO09WlJYivzOd5t-vQGNwRVlTqaCstIMiBLaUfdkc82DNQwnoP5VO9R7xZn-7O5BE288_CX0C2V96_vooIoTbB3Qoa-gV6f3s6ZSyJnRGBgoe_2QY3mjCBarFQ_mKH_sbF2qMpm-a5igoNoD_3Xlc7iluP206ZJdQn4NZdQg",<br>
"expires_in" : 60,<br>
"refresh_expires_in" : 1800,<br>
"refresh_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkOTBmNzY5Ni00NDIwLTQ3NDUtYmQ3NS01Y2Q4MDNlMWY0YjQiLCJleHAiOjE0NTI3NzY3ODQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6bnVsbCwic3ViIjoiYTcxNDcwMTUtMzVjNi00YWVhLWIzYzgtYTU2NWU0OWI3MmQ5IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImVkZ2UiLCJzZXNzaW9uX3N0YXRlIjoiN2RkNWFkN2ItZDBhYi00ZmJhLWI5Y2ItZjM2NjFhOTk0ZTc5IiwiY2xpZW50X3Nlc3Npb24iOiJkODYzNjU2Ny0zODYxLTQ2NTktODRmMi0wNmNiYzlhMjdhNTUiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiU1VQRVJfQURNSU4iLCJjcmVhdGUtcmVhbG0iLCJWSUVXX09SR0FOSVpBVElPTiIsIlJPTEVfVENIRUNLX1NVUEVSX0FETUlOIiwiUk9MRV9UQ0hFQ0tfQURNSU4iLCJhZG1pbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7Im1hc3Rlci1yZWFsbSI6eyJyb2xlcyI6WyJtYW5hZ2UtZXZlbnRzIiwidmlldy1yZWFsbSIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsImltcGVyc29uYXRpb24iLCJ2aWV3LWV2ZW50cyIsImNyZWF0ZS1jbGllbnQiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sImFjY291bnQiOnsicm9
sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.OZkivKxU1HJecrqKb1KDSabakruHJLUaUpNOy_DY7UW1R-4Qv6kLnPy_3soeRPP0FwYNrjzNMw94S-naE8JNCD91LqTTEyJ6o6q_1LDiDbVbfsKeyRkJDZDAbHUYtY-r35z_21SqdHxzzMcero6DoCpFaGOZZFQ86FZD7NiRE3oVzCIz1VJAFBIsSjH0W5_UQa2CEEIOxDanPnhbtdB8XZ6oQeKPB15AvobCgukvWcDufmCeJpUMcIjaTcnBdXRz6MIOp6VjQ5SyqJzn7jja8ILs3zEd8eeocAIix8Gv1CRs6PWBtWZJDss_fh4A8R2guKRBcFwQIeoncFgQeFeaoA",<br>
"token_type" : "bearer",<br>
"id_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0OTUyOGQxNS1kZmEyLTQ1YTUtYjJiYy1hNzZhY2E2M2IwYjEiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJJRCIsImF6cCI6ImVkZ2UiLCJzZXNzaW9uX3N0YXRlIjoiN2RkNWFkN2ItZDBhYi00ZmJhLWI5Y2ItZjM2NjFhOTk0ZTc5IiwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.yOs1HGLQyV33ihDIzL4CiKlKj58zlZzNpJizOlWXg59DkdnL1W5RIT4-Jw5VToy267gWv1o0XIwI2oCVHjbaXKgWZzt7NlVdGnNyGL19VQUPlISlMyyoOhaBGufC4JycQ6BrQh0fnMYUVQOvGE6HGnVwUbrLHiVL579AVhUSmVZ052fzN4VySpm03L7eQBt6BTKMo_7fmL39WvdwY2gEhoi6rz2P8cXp8vbidwqb4nNF7C1wfM7GYgbO-1yaMq_c4JiOoga9YswD68XvKpjjwVZs2WvHpvwZrQjfiqa6EtxkTeRYncMW-RutB8P09wJ3WRaBooDreVBMFB2Tw6nWnQ",<br>
"not-before-policy" : 1452694301,<br>
"session-state" : "7dd5ad7b-d0ab-4fba-b9cb-f3661a994e79"<br>
}<br>
<br>
I now finally want to access some resource. As docs state, the only
thing I want to do is to pass that access token in the Authorization
header, starting with the Bearer keyword:<br>
<br>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
HttpHeaders headers = new HttpHeaders();<br>
headers.set("Authorization", "Bearer " +
token.getToken());<br>
HttpEntity<String> entity = new
HttpEntity<>("parameters", headers);<br>
ResponseEntity rssResponse = template.exchange(<br>
<a class="moz-txt-link-rfc2396E" href="http://192.168.0.230:8765/organization/organizations">"http://192.168.0.230:8765/organization/organizations"</a>,<br>
HttpMethod.GET,<br>
entity,<br>
OrganizationExchangeSet.class);<br>
<br>
But I get 401 Unauthorized from keycloak. If I do the GET request
using Postman, I get the Unauthorized code too:<br>
<br>
Request:<br>
<br>
<i>Url:</i><br>
<br>
<a class="moz-txt-link-freetext" href="http://192.168.0.230:8765/organization/organizations">http://192.168.0.230:8765/organization/organizations</a><br>
<br>
<i>Headers:</i><br>
<br>
Authorization: Bearer
eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5OTEzYmRjOS1jZmI0LTRlZjAtYTcxYy0yYWUwYmQ3MTkwZDkiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJlZGdlIiwic2Vzc2lvbl9zdGF0ZSI6IjdkZDVhZDdiLWQwYWItNGZiYS1iOWNiLWYzNjYxYTk5NGU3OSIsImNsaWVudF9zZXNzaW9uIjoiZDg2MzY1NjctMzg2MS00NjU5LTg0ZjItMDZjYmM5YTI3YTU1IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlNVUEVSX0FETUlOIiwiY3JlYXRlLXJlYWxtIiwiVklFV19PUkdBTklaQVRJT04iLCJST0xFX1RDSEVDS19TVVBFUl9BRE1JTiIsIlJPTEVfVENIRUNLX0FETUlOIiwiYWRtaW4iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwidmlldy1ldmVudHMiLCJjcmVhdGUtY2xpZW50IiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGll
bnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.GMoAPe9aUQBRign5J0TvOt4tg1SWwyfJkvJjuWDZ_Ayj3GBnFjhgbjb5qLreKsm87NHymPcpvCv7uHkKJRsx44TjC0514O0oBSiVIiKfcJdbE-y7nPplzYAJF6I2JlsQkw9Na67vNSvhsBNg6AfBop4xpAF9HtTU7Ca7gFwOS01bgDRO09WlJYivzOd5t-vQGNwRVlTqaCstIMiBLaUfdkc82DNQwnoP5VO9R7xZn-7O5BE288_CX0C2V96_vooIoTbB3Qoa-gV6f3s6ZSyJnRGBgoe_2QY3mjCBarFQ_mKH_sbF2qMpm-a5igoNoD_3Xlc7iluP206ZJdQn4NZdQg<br>
<br>
<i>Response:</i><br>
<br>
{<br>
"timestamp": 1452784544622,<br>
"status": 401,<br>
"error": "Unauthorized",<br>
"message": "Unable to authenticate bearer token",<br>
"path": "/organization/organizations"<br>
}<br>
<br>
How to solve this?<br>
<br>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div class="moz-signature">
<table style="cellspadding: 0; width: 600; align: left;
border-collapse: collapse;">
<tbody>
<tr>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898;"> <span
style="font-weight:bold">Aritz Maeztu Otaño</span><br>
<span style="font-size: 12px;">Departamento Desarrollo
de Software</span> </td>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898; padding-left:
20px;"> <a target="_blank"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES">
<img src="cid:part2.04040402.00070607@tesicnor.com"
border="0">
<!--<img src="linkdin.gif" border="0" />--> </a> </td>
</tr>
<tr>
<td> <a target="_blank" href="http://www.tesicnor.com"> <img
shrinktofit="true"
src="cid:part4.08060005.08000406@tesicnor.com"
border="0" width="143">
<!--<img shrinktofit="true" src="logo.png" width="143" border="0" />-->
</a> </td>
<td style="font-size: 12px;">
<p style="padding-left: 20px;"> <span>Pol. Ind.
Mocholi.</span> <span>C/Rio Elorz, Nave 13E </span><span
style="font-weight:bold">31110 Noain (Navarra)</span><br>
<span>Telf.: 948 21 40 40</span> <br>
<span>Fax.: 948 21 40 41</span> <br>
</p>
</td>
</tr>
<tr>
<td colspan="2"> <span style="color: #009900;font-size:
12px;">Antes de imprimir este e-mail piense bien si es
necesario hacerlo: El medioambiente es cosa de todos.</span>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</body>
</html>