Re: [keycloak-dev] Login with Access Token

It's code that is currently changing as we're working on adding enterprise IdP's as well as social IdP's we have at the moment. I think the correct approach would be to use the direct grant api, which currently lets you exchange a username + password for a Keycloak token, we could add an option here to pass in a token from an external IdP to exchange for a internal Keycloak token. If you're interested in looking at the code look at OpenIDConnectService.grantAccessToken. There's no work-around that you can do due to security restrictions in Keycloak. Keycloak makes sure that the callback can only be called if it indeed made the original request. ----- Original Message ----- > From: "Christian Beikov" <christian.beikov(a)gmail.com&gt; > To: "Stian Thorgersen" <stian(a)redhat.com&gt; > Sent: Wednesday, 3 December, 2014 9:11:55 AM > Subject: Re: [keycloak-dev] Login with Access Token > > Thanks for the quick answer. Could you maybe give me a hint on how I could > implement that in a quick-and-dirty way? Could I maybe do some iframe magic > in a hidden webview to do the login? I am not quite sure how the social > login works exactly. Facebook will redirect me back to the social callback > address after a login, but how does keycloak actually retrieve that access > token? If I knew that, I could maybe create a workaround for now and maybe > also contribute something? :) > > 2014-12-03 8:48 GMT+01:00 Stian Thorgersen <stian(a)redhat.com&gt;: > > > > > > > ----- Original Message ----- > > > From: "Christian Beikov" <christian.beikov(a)gmail.com&gt; > > > To: keycloak-dev(a)lists.jboss.org > > > Sent: Tuesday, 2 December, 2014 6:58:42 PM > > > Subject: [keycloak-dev] Login with Access Token > > > > > > Hello! > > > > > > I am new to OAuth so sorry if my question is dumb. > > > I have an App which wants to provide a custom and Facebook login. Since > > many > > > people already have the Facebook App installed, I thought it might be > > better > > > to give them the native experience and use the Facebook SDK to implement > > the > > > login. > > > The problem now is, that I have the Access Token from the successful > > Facebook > > > login, but don't know how to properly login at the Keycloak server with > > > that. > > > > > > Any ideas on how to do that? Or is that even stupid and is there a better > > > way? > > > > Not at all a dumb question and we actually had someone else ask the same > > last week. > > > > Currently, Keycloak does not support this flow, but it something we may > > consider adding. > > > > > -- > > > > > > Mit freundlichen Grüßen, > > > > > > Christian Beikov > > > > > > _______________________________________________ > > > keycloak-dev mailing list > > > keycloak-dev(a)lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-dev > > > > > > -- > > Mit freundlichen Grüßen, > > > *Christian Beikov*Blazebit Design & Developing > http://www.blazebit.com >