Thank you for your help!
I was unsure if this was built into any of the Java/Keycloak adapters. This
confirmation helps quite a bit.
I have been running my modified version of aerogear for a couple weeks now
and it works well. The ability to stay in the app using Safari View
Controller + using kc_idp_hint is really nice and makes the native Facebook
/ Google iOS cocoapods seem unnecessary if you are just doing social
sign-in which I believe is the point.
On Mon, Jun 5, 2017 at 3:21 PM, <aerogear-users-request(a)lists.jboss.org>
wrote:
Send Aerogear-users mailing list submissions to
aerogear-users(a)lists.jboss.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.jboss.org/mailman/listinfo/aerogear-users
or, via email, send a message with subject or body 'help' to
aerogear-users-request(a)lists.jboss.org
You can reach the person managing the list at
aerogear-users-owner(a)lists.jboss.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Aerogear-users digest..."
Today's Topics:
1. Re: iOS Troubleshooting when server uses a self-signed
certificate Swift 3 (Polina Koleva)
2. Keycloak - validate token on server (Doug Drouillard)
3. Re: Keycloak - validate token on server (Summers Pittman)
4. Re: Keycloak - validate token on server (Doug Drouillard)
5. Re: Keycloak - validate token on server (Summers Pittman)
----------------------------------------------------------------------
Message: 1
Date: Mon, 29 May 2017 09:27:59 -0700 (MST)
From: Polina Koleva <polina.n.koleva(a)gmail.com>
Subject: Re: [Aerogear-users] iOS Troubleshooting when server uses a
self-signed certificate Swift 3
To: aerogear-users(a)lists.jboss.org
Message-ID: <1496075279116-1117.post(a)n5.nabble.com>
Content-Type: text/plain; charset=UTF-8
Hey :)
Julio Cesar Sanchez Hernandez wrote
> Hi.
>
> There is something missing on the email you sent.
>
> You said
> I added in my DeviceRegistration.swift file the method:
I have added the code but it is not visible in the email. I place it here
again (hopefully this time it will work). So this is the implementation of
the method:
public func urlSession(_session: URLSession, task: URLSessionTask,
        didReceive challenge: URLAuthenticationChallenge,
        completionHandler: (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust
            && challenge.protectionSpace.host == serverURL.host! {
        let credentials = URLCredential(trust: challenge.protectionSpace.serverTrust!)
        completionHandler(Foundation.URLSession.AuthChallengeDisposition.useCredential,
                          credentials)
    } else {
        completionHandler(Foundation.URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge,
                          nil)
    }
}
Julio Cesar Sanchez Hernandez wrote
> Do you see any error message on Xcode console? If yes, share them.
Yes, it is written that the server is not trusted because of the self-signed
certificate.
This is the error:
Error Registering with UPS: The certificate for this server is invalid. You
might be connecting to a server that is pretending to be “x.x.x.x” which
could put your confidential information at risk.
Julio Cesar Sanchez Hernandez wrote
> Do you have a paid Apple developer account?
Yes, I have a developer account.
Julio Cesar Sanchez Hernandez wrote
> Are you testing on a real device?
Yes, I am testing on a real device.
Julio Cesar Sanchez Hernandez wrote
> Is the device asking for the push permissions?
Yes, the app asks for permission to receive push notifications. But it
cannot connect to the server.
Julio Cesar Sanchez Hernandez wrote
> Is your server available online so I can take a look?
No, I am running the ups on my local machine.
Thanks.
On Mon, May 29, 2017 at 2:57 PM, Polina Koleva <polina.n.koleva@> wrote:
> Hey,
> I am trying to run Swift 3 HelloWorld app ( HelloWorldSwift
> <https://github.com/aerogear/aerogear-ios-cookbook/tree/master/UnifiedPushHelloWorld>
> ) but I have a problem with the self-signed certificate.
> Looking at the documentation ( ios troubleshooting
> <https://aerogear.org/docs/unifiedpush/aerogear-push-ios/guides/#troubleshooting>
> ) and changing it a little bit for Swift 3, I added in my
> DeviceRegistration.swift file the method:
>
>
>
> But it still doesn't work. The method is not invoked at all. Do I miss
> something?
>
> Any help will be appreciated.
>
> Polina
--
View this message in context:
http://aerogear-users.1116366.n5.nabble.com/iOS-Troubleshooting-when-server-uses-a-self-signed-certificate-Swift-3-tp1115p1117.html
Sent from the aerogear-users mailing list archive at Nabble.com.
------------------------------
Message: 2
Date: Wed, 31 May 2017 14:36:45 -0400
From: Doug Drouillard <douglas.drouillard(a)gmail.com>
Subject: [Aerogear-users] Keycloak - validate token on server
To: aerogear-users(a)lists.jboss.org
Message-ID:
<CAJSu2J6OZWe2miZ5eHg2Ydo9Vip3RE+vt+5yCAcAHg5xceGPrw@mail.
gmail.com>
Content-Type: text/plain; charset="utf-8"
Hello,
I am using Aerogear-iOS and I am able to successfully get a JWT from
keycloak. Say I pass that JWT to a Java web service (that is not wildfly),
is there a way to easily verify the token? The keycloak adapters for
undertow and jetty seem beyond my reach. I am using Ninja Framework and the
undertow integration does not seem feasible in my time frame.
I was hoping to easily validate token on server, but I can't seem to have
come across anything. My concern is that I want to disable a user and
immediately have them disabled, not wait on expiration in token.
I have proposed this question on stack overflow and on the keycloak mailing
list with no answers so I was hoping to have some luck here.
Thanks.
------------------------------
Message: 3
Date: Thu, 1 Jun 2017 07:47:35 -0400
From: Summers Pittman <supittma(a)redhat.com>
Subject: Re: [Aerogear-users] Keycloak - validate token on server
To: aerogear-users(a)lists.jboss.org
Message-ID:
<CAEQz2CsFi_rkhDrnzDG9GE0fXxhxw16qj983ueF1
vy8RLpT2nw(a)mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Are you thinking something like this:
https://github.com/auth0/java-jwt#verify-a-token ?
On Wed, May 31, 2017 at 2:36 PM, Doug Drouillard <douglas.drouillard(a)gmail.com> wrote:
> Hello,
>
> I am using Aerogear-iOS and I am able to successfully get a JWT from
> keycloak. Say I pass that JWT to a Java web service (that is not wildfly),
> is there a way to easily verify the token? The keycloak adapters for
> undertow and jetty seem beyond my reach. I am using Ninja Framework and the
> undertow integration does not seem feasible in my time frame.
> I was hoping to easily validate token on server, but I can't seem to have
> come across anything. My concern is that I want to disable a user and
> immediately have them disabled, not wait on expiration in token.
>
> I have proposed this question on stack overflow and on the keycloak
> mailing list with no answers so I was hoping to have some luck here.
>
> Thanks.
>
------------------------------
Message: 4
Date: Mon, 5 Jun 2017 09:11:43 -0400
From: Doug Drouillard <douglas.drouillard(a)gmail.com>
Subject: Re: [Aerogear-users] Keycloak - validate token on server
To: aerogear-users(a)lists.jboss.org
Message-ID:
<CAJSu2J7YAAh47A57GzLu3hqkYzpfuOLC=SZNaDCKeMpF+AqNbA@mail.
gmail.com>
Content-Type: text/plain; charset="utf-8"
I ended up forking aerogear and merging in an unmerged PR that exposed
Safari View Controller (I am targeting iOS 9+) and then also modified to
allow for passing of kc_idp_hint.
https://github.com/drouillard/aerogear-ios-oauth2
It is nice and clean and avoids the user experience issues that motivated
my original question. E.g. embedded views don't work with Google sign-in and
the external Safari makes the user answer an additional prompt (Open in 'app
name') plus risks leaving them in no-persons land if they cancel.
For my active account question I likely can just use the Admin API to
check outright whether the user is enabled.
Still researching the best Java client to use in my case as it seems like I am
in a bearer-only situation. The aerogear code is easier to follow as there
is no intermixing of session/server logic like the servlet examples I have
seen.
Verifying the JWT on local server is easy and likely good enough but I
believe there should be a way to verify it with the keycloak server if
desired using certificates/possibly open-id end points. I am working in a
high fraud situation so need all options available.
Will update this thread as they appear in Google search results.
On Wed, May 31, 2017 at 2:36 PM, Doug Drouillard <douglas.drouillard(a)gmail.com> wrote:
> Hello,
>
> I am using Aerogear-iOS and I am able to successfully get a JWT from
> keycloak. Say I pass that JWT to a Java web service (that is not wildfly),
> is there a way to easily verify the token? The keycloak adapters for
> undertow and jetty seem beyond my reach. I am using Ninja Framework and the
> undertow integration does not seem feasible in my time frame.
> I was hoping to easily validate token on server, but I can't seem to have
> come across anything. My concern is that I want to disable a user and
> immediately have them disabled, not wait on expiration in token.
>
> I have proposed this question on stack overflow and on the keycloak
> mailing list with no answers so I was hoping to have some luck here.
>
> Thanks.
>
------------------------------
Message: 5
Date: Mon, 5 Jun 2017 14:42:36 -0400
From: Summers Pittman <supittma(a)redhat.com>
Subject: Re: [Aerogear-users] Keycloak - validate token on server
To: aerogear-users(a)lists.jboss.org
Message-ID:
<CAEQz2Cs7_Nc9SYaPNmVhe3kRfx=6mWBdC4o58zX9jRgXt_Wknw@mail.
gmail.com>
Content-Type: text/plain; charset="utf-8"
On Mon, Jun 5, 2017 at 9:11 AM, Doug Drouillard <douglas.drouillard(a)gmail.com> wrote:
> I ended up forking aerogear and merging in an unmerged PR that exposed
> Safari View Controller (I am targeting iOS 9+) and then also modified to
> allow for passing of kc_idp_hint.
>
> https://github.com/drouillard/aerogear-ios-oauth2
>
> It is nice and clean and avoids the user experience issues that motivated
> my original question. E.g. embedded views don't work with Google sign-in and
> the external Safari makes the user answer an additional prompt (Open in 'app
> name') plus risks leaving them in no-persons land if they cancel.
>
> For my active account question I likely can just use the Admin API to
> check outright whether the user is enabled.
>
> Still researching the best Java client to use in my case as it seems like I am
> in a bearer-only situation. The aerogear code is easier to follow as there
> is no intermixing of session/server logic like the servlet examples I have
> seen.
> Verifying the JWT on local server is easy and likely good enough but I
> believe there should be a way to verify it with the keycloak server if
> desired using certificates/possibly open-id end points. I am working in a
> high fraud situation so need all options available.
>
> Will update this thread as they appear in Google search results.
>
+1 Thanks for the feedback, and I will keep an eye out for your updates.
>
> On Wed, May 31, 2017 at 2:36 PM, Doug Drouillard <douglas.drouillard(a)gmail.com> wrote:
>
>> Hello,
>>
>> I am using Aerogear-iOS and I am able to successfully get a JWT from
>> keycloak. Say I pass that JWT to a Java web service (that is not wildfly),
>> is there a way to easily verify the token? The keycloak adapters for
>> undertow and jetty seem beyond my reach. I am using Ninja Framework and the
>> undertow integration does not seem feasible in my time frame.
>> I was hoping to easily validate token on server, but I can't seem to have
>> come across anything. My concern is that I want to disable a user and
>> immediately have them disabled, not wait on expiration in token.
>>
>> I have proposed this question on stack overflow and on the keycloak
>> mailing list with no answers so I was hoping to have some luck here.
>>
>> Thanks.
>>
------------------------------
End of Aerogear-users Digest, Vol 33, Issue 1
*********************************************
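
For the "Keycloak - validate token on server" thread above, an added example (not code from the thread, AeroGear or Keycloak) of the local check discussed there: it pins RS256, verifies the signature against the realm's public key, then checks `exp` and `iss`. It uses only JDK classes rather than the java-jwt library linked in the thread; the class name, key pair, issuer URL and token are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class LocalJwtCheck {
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    // True only if algorithm, signature, expiry and issuer all check out.
    static boolean verify(String jwt, PublicKey key, String issuer, long now) throws Exception {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        // Pin the algorithm instead of trusting whatever the token header asks for.
        if (!header.contains("\"alg\":\"RS256\"")) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!s.verify(DEC.decode(p[2]))) return false;
        // Naive claim extraction from compact JSON; use a JSON parser in real code.
        String claims = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
        Matcher exp = Pattern.compile("\"exp\":(\\d+)").matcher(claims);
        return exp.find() && Long.parseLong(exp.group(1)) > now
                && claims.contains("\"iss\":\"" + issuer + "\"");
    }

    // Demo helper: signs a constructed token so the example runs offline.
    static String sign(PrivateKey key, String header, String claims) throws Exception {
        String body = ENC.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + ENC.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(body.getBytes(StandardCharsets.US_ASCII));
        return body + "." + ENC.encodeToString(s.sign());
    }

    public static void main(String[] args) throws Exception {
        // Constructed data: a throwaway key pair stands in for the realm key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair realm = gen.generateKeyPair();
        String iss = "https://keycloak.example/auth/realms/demo"; // placeholder issuer
        long now = System.currentTimeMillis() / 1000;
        String token = sign(realm.getPrivate(), "{\"alg\":\"RS256\"}",
                "{\"iss\":\"" + iss + "\",\"exp\":" + (now + 300) + "}");
        System.out.println("valid:     " + verify(token, realm.getPublic(), iss, now));
        System.out.println("expired:   " + verify(token, realm.getPublic(), iss, now + 600));
        System.out.println("wrong key: " + verify(token, gen.generateKeyPair().getPublic(), iss, now));
    }
}
```

A token that passes this check can still belong to an account disabled after issuance; catching that before `exp` needs a server-side lookup such as the Admin API check mentioned in the thread.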