On 06 Oct 2014, at 15:18, Stian Thorgersen <stian(a)redhat.com> wrote:
----- Original Message -----
> From: "Corinne Krych" <corinnekrych(a)gmail.com>
> To: "keycloak-user(a)lists.jboss.org" <keycloak-dev(a)lists.jboss.org>
> Sent: Monday, 6 October, 2014 11:09:11 AM
> Subject: [keycloak-dev] Native mobile OAuth2 keycloak flows
>
> Hello Keycloak team,
>
> On native app, our aerogear-oauth2 sdk supports the following flows:
> - oauth2 authz code (public client) bearer-only using external browser. See
> Shoot demo.
> - oauth2 refresh grant
> - oauth2 revoke (using logout endpoint to revoke all refresh/access tokens).
>
> We have an iOS demo [1] and its associated backend [2] which shows how to use
> authz code grant on Google, Facebook and Keycloak using aerogear oauth2 sdk
> [3]. For Android we have the same level of features [4] (just missing the Shoot
> demo).
>
> To come in next release:
> - openID flow based on authz code (need an extra token decoding to get ID
> information) with a ui button “login with your keycloak backend account”.
> Thanks to Stian I managed the base64url decoding...
> - direct grant (resource owner grant).
> - basic auth support for confidential mode
>
> I’m thinking to do a Keycloak (only) HelloWorld demo which shows all the different
> use cases.
>
> Therefore the question: What other use cases do I miss? Feedback welcome.
A few things I can think of:
* SSO - on Android you can add shared accounts (SSO to multiple apps), is something like
this available on iOS?
* Social login through Keycloak - does this currently work? Again, does iOS have the
concept of shared accounts for social networks, how can we utilize these?
iOS has shared social networks embedded in the OS directly but it’s not opened. It’s a
place where you put your credentials.
But iOS8 Social.framework is limited to a set of providers (Facebook, Twitter)
see my blog post on the subject:
http://corinnekrych.blogspot.fr/2014/06/different-ways-to-manage-facebook...
One way to go for SSO will be to store oauth2 token in keychain (as we currently do) and
use sharing data between keychain. I’ll dig that one. Let’s track with:
https://issues.jboss.org/browse/AGIOS-285
* Roles - Keycloak tokens contain permitted roles. Some applications
may wish to show/hide features depending on permissions.
Let me add a ticket for that to enhance Shoot demo.
https://issues.jboss.org/browse/AGIOS-286
Thanks Stian!
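
The token decoding and role-based show/hide discussed in this thread, as an added example that is not part of the original messages or of the aerogear-oauth2 SDK. It is written in Python for illustration, the `realm_access.roles` claim layout is an assumption about the token, and the sample token and feature map are constructed. The decoded payload is not signature-checked, so the result is a display hint only.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(jwt: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def realm_roles(claims: dict) -> set:
    """Roles from the assumed realm_access.roles claim; empty if absent or malformed."""
    access = claims.get("realm_access")
    roles = access.get("roles") if isinstance(access, dict) else None
    return {r for r in roles if isinstance(r, str)} if isinstance(roles, list) else set()


def visible_features(jwt: str, feature_roles: dict) -> list:
    """Features whose required role is in the token. UI hint only: the backend
    must verify the token signature and enforce roles on every request."""
    try:
        roles = realm_roles(token_claims(jwt))
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from ValueError
        return []       # fail closed: show nothing role-gated
    return sorted(f for f, role in feature_roles.items() if role in roles)


def encode_segment(obj: dict) -> str:
    """Helper used only to build the constructed sample token below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample: not a real Keycloak token, signature segment is a dummy.
SAMPLE_TOKEN = ".".join([
    encode_segment({"alg": "RS256"}),
    encode_segment({"preferred_username": "demo-user", "realm_access": {"roles": ["user"]}}),
    "c2ln",
])
FEATURES = {"upload_photo": "user", "delete_any_photo": "admin"}  # hypothetical mapping
```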