<tldr>DEVELOPERS WILL NEVER HAVE TO WRITE ANOTHER LINE OF AUTH LOGIC AGAIN!</tldr> Over the weekend I tried my hand at writing a Android Account Authenticator for KeyCloak. This lets Android manage the KeyCloak account, fetch tokens, provide tokens to other apps etc. KeyCloak Authenticator let's you drop your keycloak.json file into an apk and access your KeyCloak Account with one line of code from any application on your Android device. Right now this is very much in the "I have an itch needing scratching" phase. It doesn't do any robust error handling, hasn't been testing off the golden scenario, has no integration with any of the AeroGear stuff, etc. Take a moment to watch the Demo and look at the demo project. Video Demo : https://plus.google.com/103442292643366117394/posts/WSFbdodMsej The Demo video uses Android's native account menu to request from the authenticator a KeyCloak account. This launches the authenticator's activity which will retrieve the credentials for Android and store them. When I am back in the settings page and showing off the stored account, this is all native Android UI and not part of the KeyCloak authenticator. When I launch the Demo application this is a separate application from the authenticator apk. The Demo project fetches the KeyCloak account from Android and gets its auth token. Then it makes a request to KeyCloak's account service to fetch the user's account data. In the demo app there are three lines of code related to auth. final Account account = am.getAccountsByType("org.keycloak.Account")[0]; String token = am.getAuthToken(account, "org.keycloak.Account.token", null, null, null, null).getResult().getString(AccountManager.KEY_AUTHTOKEN); and provider.setDefaultHeader("Authorization", "bearer " + token); The first two lines fetch the account and token from Android. The second line attaches the account's auth token to the web request to the server. So now what? I'll probably use this for my projects/demos because it makes my work easier. Right now it doesn't have any connection to any of the "official" projects (Again, I wrote this over the weekend to see if I could) however it may be quite useful to someone. In the project's README I've included a (incomplete) list of things that don't work. wdyt? Links : Project : https://github.com/secondsun/keycloak-android-authenticator Video Demo : https://plus.google.com/103442292643366117394/posts/WSFbdodMsej Demo Source : https://github.com/secondsun/keycloak-account-authenticator-demo/ -- Summers Pittman >>Phone:404 941 4698 >>Java is my crack. _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

Amazing Summers! Please turn this list of thing into Jiras if possible.

— abstractj PGP: 0x84DC9914 On Mon, Sep 15, 2014 at 11:36 AM, Summers Pittman <supittma(a)redhat.com&gt; wrote: > <tldr>DEVELOPERS WILL NEVER HAVE TO WRITE ANOTHER LINE OF AUTH LOGIC > AGAIN!</tldr> > > Over the weekend I tried my hand at writing a Android Account > Authenticator for KeyCloak. This lets Android manage the KeyCloak > account, fetch tokens, provide tokens to other apps etc. KeyCloak > Authenticator let's you drop your keycloak.json file into an apk and > access your KeyCloak Account with one line of code from any application > on your Android device. > > Right now this is very much in the "I have an itch needing scratching" > phase. It doesn't do any robust error handling, hasn't been testing off > the golden scenario, has no integration with any of the AeroGear stuff, > etc. Take a moment to watch the Demo and look at the demo project. > > Video Demo : > https://plus.google.com/103442292643366117394/posts/WSFbdodMsej > > The Demo video uses Android's native account menu to request from the > authenticator a KeyCloak account. This launches the authenticator's > activity which will retrieve the credentials for Android and store > them. When I am back in the settings page and showing off the stored > account, this is all native Android UI and not part of the KeyCloak > authenticator. > > When I launch the Demo application this is a separate application from > the authenticator apk. The Demo project fetches the KeyCloak account > from Android and gets its auth token. Then it makes a request to > KeyCloak's account service to fetch the user's account data. > > In the demo app there are three lines of code related to auth. > > final Account account = am.getAccountsByType("org.keycloak.Account")[0]; > String token = am.getAuthToken(account, "org.keycloak.Account.token", > null, null, null, > null).getResult().getString(AccountManager.KEY_AUTHTOKEN); > > and > > provider.setDefaultHeader("Authorization", "bearer " + token); > > The first two lines fetch the account and token from Android. The > second line attaches the account's auth token to the web request to the > server. > > So now what? I'll probably use this for my projects/demos because it > makes my work easier. Right now it doesn't have any connection to any > of the "official" projects (Again, I wrote this over the weekend to see > if I could) however it may be quite useful to someone. In the project's > README I've included a (incomplete) list of things that don't work. > > wdyt? > > Links : > Project : https://github.com/secondsun/keycloak-android-authenticator > Video Demo : > https://plus.google.com/103442292643366117394/posts/WSFbdodMsej > Demo Source : > https://github.com/secondsun/keycloak-account-authenticator-demo/ > > > -- > Summers Pittman > >>Phone:404 941 4698 > >>Java is my crack. > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev > _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

From: "Summers Pittman" <supittma(a)redhat.com&gt; To: "AeroGear Developer Mailing List" <aerogear-dev(a)lists.jboss.org&gt; Sent: Monday, 15 September, 2014 4:36:31 PM Subject: [aerogear-dev] [Android] KeyCloak Authenticator <tldr>DEVELOPERS WILL NEVER HAVE TO WRITE ANOTHER LINE OF AUTH LOGIC AGAIN!</tldr> Over the weekend I tried my hand at writing a Android Account Authenticator for KeyCloak. This lets Android manage the KeyCloak account, fetch tokens, provide tokens to other apps etc. KeyCloak Authenticator let's you drop your keycloak.json file into an apk and access your KeyCloak Account with one line of code from any application on your Android device. Right now this is very much in the "I have an itch needing scratching" phase. It doesn't do any robust error handling, hasn't been testing off the golden scenario, has no integration with any of the AeroGear stuff, etc. Take a moment to watch the Demo and look at the demo project. Video Demo : https://plus.google.com/103442292643366117394/posts/WSFbdodMsej The Demo video uses Android's native account menu to request from the authenticator a KeyCloak account. This launches the authenticator's activity which will retrieve the credentials for Android and store them. When I am back in the settings page and showing off the stored account, this is all native Android UI and not part of the KeyCloak authenticator. When I launch the Demo application this is a separate application from the authenticator apk. The Demo project fetches the KeyCloak account from Android and gets its auth token. Then it makes a request to KeyCloak's account service to fetch the user's account data. In the demo app there are three lines of code related to auth. final Account account = am.getAccountsByType("org.keycloak.Account")[0]; String token = am.getAuthToken(account, "org.keycloak.Account.token", null, null, null, null).getResult().getString(AccountManager.KEY_AUTHTOKEN); and provider.setDefaultHeader("Authorization", "bearer " + token); The first two lines fetch the account and token from Android. The second line attaches the account's auth token to the web request to the server. So now what? I'll probably use this for my projects/demos because it makes my work easier. Right now it doesn't have any connection to any of the "official" projects (Again, I wrote this over the weekend to see if I could) however it may be quite useful to someone. In the project's README I've included a (incomplete) list of things that don't work. wdyt? Links : Project : https://github.com/secondsun/keycloak-android-authenticator Video Demo : https://plus.google.com/103442292643366117394/posts/WSFbdodMsej Demo Source : https://github.com/secondsun/keycloak-account-authenticator-demo/ -- Summers Pittman >>Phone:404 941 4698 >>Java is my crack. _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

Hello I think indeed this is an interesting feature to have. We don’t have the same extensible AccountManager in iOS. You can configure social access but the list of available providers is not extensible (not yet at least). However, in aerogear-ios-oauth2 we have an AccountManager capable of easily creating fb, google oauth2 module and we should also have a keycloack one. See https://github.com/corinnekrych/aerogear-ios-oauth2-1/blob/AGIOS-193/Aero... @summers Similarly as you demo it, for Keycloak it would be nice to create the config file from json Thinking further I think this easy configuration or config integration with os should go on a separate module, it should not be part of oauth2 module. I would suggest a social module. wdyt? ++ Corinne On 16 Sep 2014, at 08:42, Stian Thorgersen <stian(a)redhat.com&gt; wrote: > Really, really nice :) IMO this is absolutely something that should be pursued. > > We need to figure out where mobile adapters for Keycloak should live. I'm inclined to think that Keycloak itself shouldn't have mobile adapters, but instead we'll have references on our webpages and documentation to point folks towards AeroGear. > > ----- Original Message ----- >> From: "Summers Pittman" <supittma(a)redhat.com&gt; >> To: "AeroGear Developer Mailing List" <aerogear-dev(a)lists.jboss.org&gt; >> Sent: Monday, 15 September, 2014 4:36:31 PM >> Subject: [aerogear-dev] [Android] KeyCloak Authenticator >> >> <tldr>DEVELOPERS WILL NEVER HAVE TO WRITE ANOTHER LINE OF AUTH LOGIC >> AGAIN!</tldr> >> >> Over the weekend I tried my hand at writing a Android Account >> Authenticator for KeyCloak. This lets Android manage the KeyCloak >> account, fetch tokens, provide tokens to other apps etc. KeyCloak >> Authenticator let's you drop your keycloak.json file into an apk and >> access your KeyCloak Account with one line of code from any application >> on your Android device. >> >> Right now this is very much in the "I have an itch needing scratching" >> phase. It doesn't do any robust error handling, hasn't been testing off >> the golden scenario, has no integration with any of the AeroGear stuff, >> etc. Take a moment to watch the Demo and look at the demo project. >> >> Video Demo : >> https://plus.google.com/103442292643366117394/posts/WSFbdodMsej >> >> The Demo video uses Android's native account menu to request from the >> authenticator a KeyCloak account. This launches the authenticator's >> activity which will retrieve the credentials for Android and store >> them. When I am back in the settings page and showing off the stored >> account, this is all native Android UI and not part of the KeyCloak >> authenticator. >> >> When I launch the Demo application this is a separate application from >> the authenticator apk. The Demo project fetches the KeyCloak account >> from Android and gets its auth token. Then it makes a request to >> KeyCloak's account service to fetch the user's account data. >> >> In the demo app there are three lines of code related to auth. >> >> final Account account = am.getAccountsByType("org.keycloak.Account")[0]; >> String token = am.getAuthToken(account, "org.keycloak.Account.token", >> null, null, null, null).getResult().getString(AccountManager.KEY_AUTHTOKEN); >> >> and >> >> provider.setDefaultHeader("Authorization", "bearer " + token); >> >> The first two lines fetch the account and token from Android. The >> second line attaches the account's auth token to the web request to the >> server. >> >> So now what? I'll probably use this for my projects/demos because it >> makes my work easier. Right now it doesn't have any connection to any >> of the "official" projects (Again, I wrote this over the weekend to see >> if I could) however it may be quite useful to someone. In the project's >> README I've included a (incomplete) list of things that don't work. >> >> wdyt? >> >> Links : >> Project : https://github.com/secondsun/keycloak-android-authenticator >> Video Demo : >> https://plus.google.com/103442292643366117394/posts/WSFbdodMsej >> Demo Source : >> https://github.com/secondsun/keycloak-account-authenticator-demo/ >> >> >> -- >> Summers Pittman >>>> Phone:404 941 4698 >>>> Java is my crack. >> >> _______________________________________________ >> aerogear-dev mailing list >> aerogear-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/aerogear-dev >> > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev

On 9/16/2014 3:45 AM, Corinne Krych wrote: > Hello > > I think indeed this is an interesting feature to have. > > We don’t have the same extensible AccountManager in iOS. You can configure social access but the list of available providers is not extensible (not yet at least). > However, in aerogear-ios-oauth2 we have an AccountManager capable of easily creating fb, google oauth2 module and we should also have a keycloack one. > See > https://github.com/corinnekrych/aerogear-ios-oauth2-1/blob/AGIOS-193/Aero... > @summers Similarly as you demo it, for Keycloak it would be nice to create the config file from json > > Thinking further I think this easy configuration or config integration with os should go on a separate module, it should not be part of oauth2 module. I would suggest a social module. wdyt? +.5 :) I would like, in Android, to use the OS level integration for authz (including OAuth2). I think this can be done done without changing the APIs too much/ diverging from iOS.

However for the specific modules (keycloak, Google, Facebook) I wouldn't mind separate packages. This is especially so on Android where the Google and Facebook accounts may already be stored locally and not need an extra trip to web land.

> > ++ > Corinne > > On 16 Sep 2014, at 08:42, Stian Thorgersen <stian(a)redhat.com&gt; wrote: > >> Really, really nice :) IMO this is absolutely something that should be pursued. >> >> We need to figure out where mobile adapters for Keycloak should live. I'm inclined to think that Keycloak itself shouldn't have mobile adapters, but instead we'll have references on our webpages and documentation to point folks towards AeroGear. >> >> ----- Original Message ----- >>> From: "Summers Pittman" <supittma(a)redhat.com&gt; >>> To: "AeroGear Developer Mailing List" <aerogear-dev(a)lists.jboss.org&gt; >>> Sent: Monday, 15 September, 2014 4:36:31 PM >>> Subject: [aerogear-dev] [Android] KeyCloak Authenticator >>> >>> <tldr>DEVELOPERS WILL NEVER HAVE TO WRITE ANOTHER LINE OF AUTH LOGIC >>> AGAIN!</tldr> >>> >>> Over the weekend I tried my hand at writing a Android Account >>> Authenticator for KeyCloak. This lets Android manage the KeyCloak >>> account, fetch tokens, provide tokens to other apps etc. KeyCloak >>> Authenticator let's you drop your keycloak.json file into an apk and >>> access your KeyCloak Account with one line of code from any application >>> on your Android device. >>> >>> Right now this is very much in the "I have an itch needing scratching" >>> phase. It doesn't do any robust error handling, hasn't been testing off >>> the golden scenario, has no integration with any of the AeroGear stuff, >>> etc. Take a moment to watch the Demo and look at the demo project. >>> >>> Video Demo : >>> https://plus.google.com/103442292643366117394/posts/WSFbdodMsej >>> >>> The Demo video uses Android's native account menu to request from the >>> authenticator a KeyCloak account. This launches the authenticator's >>> activity which will retrieve the credentials for Android and store >>> them. When I am back in the settings page and showing off the stored >>> account, this is all native Android UI and not part of the KeyCloak >>> authenticator. >>> >>> When I launch the Demo application this is a separate application from >>> the authenticator apk. The Demo project fetches the KeyCloak account >>> from Android and gets its auth token. Then it makes a request to >>> KeyCloak's account service to fetch the user's account data. >>> >>> In the demo app there are three lines of code related to auth. >>> >>> final Account account = am.getAccountsByType("org.keycloak.Account")[0]; >>> String token = am.getAuthToken(account, "org.keycloak.Account.token", >>> null, null, null, null).getResult().getString(AccountManager.KEY_AUTHTOKEN); >>> >>> and >>> >>> provider.setDefaultHeader("Authorization", "bearer " + token); >>> >>> The first two lines fetch the account and token from Android. The >>> second line attaches the account's auth token to the web request to the >>> server. >>> >>> So now what? I'll probably use this for my projects/demos because it >>> makes my work easier. Right now it doesn't have any connection to any >>> of the "official" projects (Again, I wrote this over the weekend to see >>> if I could) however it may be quite useful to someone. In the project's >>> README I've included a (incomplete) list of things that don't work. >>> >>> wdyt? >>> >>> Links : >>> Project : https://github.com/secondsun/keycloak-android-authenticator >>> Video Demo : >>> https://plus.google.com/103442292643366117394/posts/WSFbdodMsej >>> Demo Source : >>> https://github.com/secondsun/keycloak-account-authenticator-demo/ >>> >>> >>> -- >>> Summers Pittman >>>>> Phone:404 941 4698 >>>>> Java is my crack. >>> _______________________________________________ >>> aerogear-dev mailing list >>> aerogear-dev(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev >>> >> _______________________________________________ >> aerogear-dev mailing list >> aerogear-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/aerogear-dev > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev