Couldn't a lot of the example be pulled into an adapter library and
reused? Also, is there any security hole you've introduced with being
able to cut/paste the access token from the browser? If there is a
public client, can a hacker now get an access token?
Another thing, Android and iOS native apps can redirect to the browser
(and vice versa), wouldn't that approach be used in mobile over this?
On 3/6/2014 7:15 AM, Stian Thorgersen wrote:
Support for installed applications in form of two special redirect
uris (urn:ietf:wg:oauth:2.0:oob and
http://localhost) has been added.
There's also a basic example. To try it out start the server as normal, create an app
for it (mark it as public). Download the keycloak.json file. Then run:
# mvn -pl examples/demo-template/customer-app-cli install exec:java -Dexec.args="<path to keycloak.json>"
You can then run different commands to try it out. It has two different ways to login the
user:
* login-desktop: this opens a ServerSocket on a local port, opens the login url in the
browser, after login the ServerSocket is used to retrieve the code
* login-manual: this uses the 'urn:ietf:wg:oauth:2.0:oob' redirect to display the
code in the browser and the user has to manually copy/paste this into the application
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
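
The login-desktop flow described in the quoted message, as an added example that is not part of the thread or of the Keycloak example code: a one-shot loopback listener that receives the redirect to http://localhost and accepts the code only if the callback carries the `state` value generated for this login. `<AUTH_ENDPOINT>` and `<CLIENT_ID>` are placeholders, and the class and method names are hypothetical.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class LoopbackCodeReceiver {
    // Extracts the code from "GET /?code=...&state=... HTTP/1.1"; rejects a missing or wrong state.
    static String parseCallback(String requestLine, String expectedState) throws IOException {
        String[] parts = requestLine == null ? new String[0] : requestLine.split(" ");
        if (parts.length < 2 || !parts[0].equals("GET")) throw new IOException("not a GET callback");
        int q = parts[1].indexOf('?');
        Map<String, String> params = new HashMap<>();
        if (q >= 0) for (String pair : parts[1].substring(q + 1).split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) params.put(URLDecoder.decode(pair.substring(0, eq), "UTF-8"),
                                   URLDecoder.decode(pair.substring(eq + 1), "UTF-8"));
        }
        // Constant-time comparison of the state we sent with the state that came back.
        byte[] got = params.getOrDefault("state", "").getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(got, expectedState.getBytes(StandardCharsets.UTF_8)))
            throw new IOException("state mismatch: callback does not belong to this login request");
        if (params.containsKey("error")) throw new IOException("login failed: " + params.get("error"));
        String code = params.get("code");
        if (code == null || code.isEmpty()) throw new IOException("no code in callback");
        return code;
    }

    public static void main(String[] args) throws IOException {
        byte[] rnd = new byte[16];
        new SecureRandom().nextBytes(rnd);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(rnd);
        // Port 0 picks any free port; binding to loopback keeps the listener off the network.
        try (ServerSocket server = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            server.setSoTimeout(120_000); // stop waiting if the user abandons the login
            String redirectUri = "http://localhost:" + server.getLocalPort();
            // Placeholders: take the real endpoint and client id from keycloak.json.
            System.out.println("Open: <AUTH_ENDPOINT>?response_type=code&client_id=<CLIENT_ID>"
                + "&redirect_uri=" + URLEncoder.encode(redirectUri, "UTF-8") + "&state=" + state);
            try (Socket s = server.accept()) {
                BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream(), "UTF-8"));
                String code = parseCallback(in.readLine(), state);
                s.getOutputStream().write(("HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                    + "Connection: close\r\n\r\nLogin complete.").getBytes(StandardCharsets.UTF_8));
                System.out.println("Received authorization code (" + code.length() + " chars)");
            }
        }
    }
}
```

The listener accepts a single connection and then closes, so the port is open only for the duration of one login; the code itself is never printed, only its length.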