<div dir="ltr">Didn't send to all.<br><br><div class="gmail_quote"><div dir="ltr">---------- Forwarded message ---------<br>From: Emanuel Couto <<a href="mailto:emanuel.amaral.couto@gmail.com">emanuel.amaral.couto@gmail.com</a>><br>Date: Fri, Apr 22, 2016 at 3:12 PM<br>Subject: Re: [keycloak-user] Keycloak login/logout on Android<br>To: Summers Pittman <<a href="mailto:supittma@redhat.com">supittma@redhat.com</a>><br></div><br><br><div dir="ltr">Hello.<div><br></div><div>I managed to get logout working with another client: <span style="line-height:1.5"><a href="https://github.com/openid/AppAuth-Android" target="_blank">https://github.com/openid/AppAuth-Android</a></span></div><div><br></div><div>---</div><div><br></div><div>It is easy to get the demo working with Keycloak. In the Keycloak admin page<span style="line-height:1.5">:</span></div><div>1. Create a Realm (e.g., "test")</div><div>2. Create a Client with redirect URI (e.g., "com.mypackage:/oauth2Callback")</div><div><br></div><div>In the demo application, update the "idp_configs.xml" file:</div><div>1. Update the value of "google_client_id" (e.g, "test-third-party)</div><div>2. Update redirect scheme (e.g., "com.mypackage")</div><div>3. Update the "google_auth_redirect_uri" (e.g., "com.mypackage:/oauth2Callback")</div><div><br></div><div>Finally update the "idp_configs_optional.xml":</div><div>1. Update "google_discovery_url" (e.g., <a href="http://localhost:8080/auth/realms/test/.well-known/openid-configuration" target="_blank">http://localhost:8080/auth/realms/test/.well-known/openid-configuration</a>)</div><div><br></div><div>---</div><div><br></div><div>The tricky part is adding logout, since it's not part of Open ID Connect yet.</div><div>What I did was use the same mechanism appauth-android uses for authentication. Instead of using a webview this client uses custom tabs or a new browser session. The code is not designed to support other "browser requests" other than authentication so a lot of copy/pasting was required. Anyway it should give an idea how to make it work.</div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Apr 20, 2016 at 11:17 PM Emanuel Couto <<a href="mailto:emanuel.amaral.couto@gmail.com" target="_blank">emanuel.amaral.couto@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Ok, this is what I have to far. I confirmed that deleteAccount isn't enough. By deleting the account and attempting to connect again, the login webview shows up but disappears right afterwards. <span style="line-height:1.5">I suspect the Android application knows that you are still logged in because the webview stores cookies somehow.</span><div><span style="line-height:1.5"><br></span></div><div><span style="line-height:1.5">If I call </span><span style="line-height:1.5">GET <logout_url> with an HTTP client, nothing happens. The keycloak administration page shows that I'm still logged in. I believe logout would only work if everything was being executed in the same HTTP client instance.</span><div><div><span style="line-height:1.5"><br></span></div><div><span style="line-height:1.5">I'm trying another client that seems to give more control over current status. Hopefully logout will work.</span><div><div><div><div><div><br></div><div>Thanks.</div></div></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Apr 20, 2016 at 1:51 PM Summers Pittman <<a href="mailto:supittma@redhat.com" target="_blank">supittma@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Apr 20, 2016 at 5:20 AM, Emanuel Couto <span dir="ltr"><<a href="mailto:emanuel.amaral.couto@gmail.com" target="_blank">emanuel.amaral.couto@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Does that mean I should send the bearer token if I want to logout a specific user? If that's it how do I do it?</div></blockquote><div><br></div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>OAuth2 (which is what the AG Authz lib implements) doesn't specify a logoff procedure so it isn't supported directly in the library.</div><div><br></div><div>Your best out of the box option is to delete the account using the <span style="color:rgb(121,93,163);font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:12px;line-height:16.8px;white-space:pre-wrap">deleteAccount </span>method on your module. This will remove the local access to the account and eventually your tokens will expire on the server.</div><div><br></div><div>As a note : delete account does NOT guarantee to delete session cookies for the third party sign in. IE if you use Chrome to sign into your google account to sign into keycloak, delete your account, and then log in again you will not be prompted for your google credentials because that sign in is part of Chrome's session and not the app's.</div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>The customer and products demos are here:</div><div><a href="https://github.com/keycloak/keycloak/tree/master/examples/demo-template/customer-app" target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/demo-template/customer-app</a></div><div><a href="https://github.com/keycloak/keycloak/tree/master/examples/demo-template/product-app" target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/demo-template/product-app</a></div><div><br></div><div>In the documentation page there is a 3 part tutorial (The Basics) explaining how to install these apps:</div><div><a href="http://keycloak.jboss.org/docs" target="_blank">http://keycloak.jboss.org/docs</a></div><div><br></div><div>Everything is web based.</div><div><br></div><div>Thanks.</div><div><div><div><br><div class="gmail_quote"><div dir="ltr">On Tue, Apr 19, 2016 at 6:31 PM Summers Pittman <<a href="mailto:supittma@redhat.com" target="_blank">supittma@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Apr 19, 2016 at 1:01 PM, Emanuel Couto <span dir="ltr"><<a href="mailto:emanuel.amaral.couto@gmail.com" target="_blank">emanuel.amaral.couto@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hello.<div><br></div><div>I'm trying to login and logout to KeyCloak through an Android application. So far I was able to login using AeroGear Authz. What happens is that a web view is created every time login is required. However I don't understand how logout works. In the documentation it states that you should point to 'auth/realms/.../logout'. How does it figure out which client am I? Through a session or maybe cookies?</div></div></blockquote><div><br></div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>It has been a while since I looked at the code, but IIRC AeroGear authz stores the bearer token that has been exchanged with the webview.</div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div></div><div>The other question is how would customer-portal and product-portal be implemented in android, theoretically?</div></div></blockquote></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>I'm not familiar with those, could you link me? </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div></div>
</blockquote></div></div></div></div></div>
</blockquote></div></div></div></blockquote></div></blockquote></div></div></div>