----- Original Message -----
From: "Corinne Krych" <corinnekrych(a)gmail.com>
To: "keycloak-user(a)lists.jboss.org" <keycloak-dev(a)lists.jboss.org>
Sent: Monday, 6 October, 2014 11:09:11 AM
Subject: [keycloak-dev] Native mobile OAuth2 keycloak flows
Hello Keycloak team,
On native app, our aerogear-oauth2 sdk supports the following flows:
- oauth2 authz code (public client) bearer-only using external browser. See
Shoot demo.
- oauth2 refresh grant
- oauth2 revoke (using logout endpoint to revoke all refresh/access tokens).
We have an iOS demo [1] and its associated backend [2] which shows how to use
authz code grant on Google, Facebook and Keycloak using aerogear oauth2 sdk
[3]. For Android we have the same level of features [4] (just missing the Shoot
demo).
To come in next release:
- openID flow based on authz code (need an extra token decoding to get ID
information) with a ui button “login with your keycloak backend account”.
Thanks to Stian I managed the base64url decoding...
- direct grant (resource owner grant).
- basic auth support for confidential mode
I’m thinking of doing a Keycloak (only) HelloWorld demo which shows all the
different use cases.
Therefore the question: What other use cases do I miss? Feedback welcome.

A few things I can think of:
* SSO - on Android you can add shared accounts (SSO to multiple apps), is something like
this available on iOS?
* Social login through Keycloak - does this currently work? Again, does iOS have the
concept of shared accounts for social networks, how can we utilize these?
* Roles - Keycloak tokens contain permitted roles. Some applications may wish to
show/hide features depending on permissions.
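
An added example, not part of the thread and not aerogear or Keycloak code: the base64url token decoding and the role-based show/hide idea discussed above, sketched in Python. It assumes roles sit under realm_access.roles and resource_access.<client>.roles; the client id "shoot-app", the feature names and the token are constructed. The decode does not verify the signature, so it is only suitable for UI hints, and the backend still has to validate the token and enforce every permission.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url with the '=' padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_claims(token: str) -> dict:
    # Reads the payload only. No signature check: never use for authorization.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # bad padding, bad UTF-8 or bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def roles_from_claims(claims: dict, client_id=None) -> set:
    # Assumed claim layout: realm roles plus optional per-client roles.
    roles = set(claims.get("realm_access", {}).get("roles", []))
    if client_id:
        client = claims.get("resource_access", {}).get(client_id, {})
        roles |= set(client.get("roles", []))
    return roles

def visible_features(claims: dict, feature_roles: dict, client_id=None) -> list:
    # UI hint only: the backend must still reject calls the role does not allow.
    roles = roles_from_claims(claims, client_id)
    return sorted(f for f, need in feature_roles.items() if need in roles)

# Constructed sample data (hypothetical client id and feature names).
SAMPLE_CLAIMS = {"preferred_username": "alice",
                 "realm_access": {"roles": ["user"]},
                 "resource_access": {"shoot-app": {"roles": ["uploader"]}}}
SAMPLE_TOKEN = ".".join([b64url_encode(b'{"alg":"RS256","typ":"JWT"}'),
                         b64url_encode(json.dumps(SAMPLE_CLAIMS).encode()),
                         "constructed-signature-not-valid"])
FEATURE_ROLES = {"upload_photo": "uploader", "view_gallery": "user",
                 "admin_console": "admin"}

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print(visible_features(claims, FEATURE_ROLES, client_id="shoot-app"))
```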