Thanks Marek

I saw here app gains the accessToken, but did not see where this `/auth` api is implemented. I want to learn how to I do the same thing of exposing `/auth` api to generate tokens

I did not see anything in pom.xml either. seems like magic to me at the moment. Any guidance here?

Thanks


On Tue, Jul 29, 2014 at 12:25 AM, Marek Posolda <mposolda@redhat.com> wrote:
Hi,

the best is to start with documentation http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/index.html and also look at existing examples https://github.com/keycloak/keycloak/tree/master/examples . Probably most useful for you might be https://github.com/keycloak/keycloak/tree/master/examples/demo-template . It has restful application "database-service", where you can send secured REST requests with the bearer token attached to them. Other applications in the directory are web applications, which obtain bearer token from the Keycloak login . Product-portal and customer-portal are JEE applications secured by Keycloak itself, third-party and third-party-cdi is more traditional OAuth where token is used just to retrieve the secured data from "database-service" . See the README for more info.

Example for CORS support is here: https://github.com/keycloak/keycloak/tree/master/examples/cors

Marek


On 25.7.2014 23:04, Harit Himanshu wrote:
Hey Team,

I am been looking for answer to http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis and found that keycloak is suitable for securing REST APIs using OAuth 2.0.

I am looking for example where the following is demonstrated
a.) Third-party app registers and gets Access Token
b.) Third-Party app accesses Resource Server to access protected resource by sending Access Token to REST API
c.) and How Token is validated.


It is mentioned in features of keycloak as  
  • OAuth Bearer token auth for REST Services
  • OAuth 2.0 Grant requests
  • CORS Support
Can you please guide me through examples?

Thank you


On Fri, Jul 25, 2014 at 2:00 PM, Harit Himanshu <harit.subscriptions@gmail.com> wrote:
Hey Team,

I am been looking for answer to http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis and found that keycloak is suitable for securing REST APIs using OAuth 2.0.

I am looking for example where the following is demonstrated
a.) Third-party app registers and gets Access Token
b.) Third-Party app accesses Resource Server to access protected resource by sending Access Token to REST API
c.) and How Token is validated.


It is mentioned in features of keycloak as  
  • OAuth Bearer token auth for REST Services
  • OAuth 2.0 Grant requests
  • CORS Support
Can you please guide me through examples?

Thank you
+ Harit Himanshu



_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev