Hi all,

I'm having trouble getting access to the oauth tokens that should be returned from the user authenticating with Twitter via the Keycloak login page.

FYI, this is cross-posted on SO (http://stackoverflow.com/questions/37257623/accessing-user-oauth-tokens-returned-by-keycloak).

-----
I have a Keycloak (standalone) v1.9.4.Final install setup using Wildfly 10 on an AWS instance and am trying to use keycloak (via keycloak's login page) and Twitter4j to authenticate a user with Twitter and then obviously have my application authenticate and view the users timeline, etc.

I have configured the Identity Provider (Twitter), the realm and my client application.

I also have a Twitter application setup at apps.twitter.com and the keys put into my twitter4j.properties file.

So far, I am able to:

  1. Go to my application's JSF webpage and get redirected to Keycloak's /auth login page
  2. Click the Twitter logo and login with my Twitter account (separate account from the account that owns the Twitter application)
  3. Complete the user information that Keycloak asks for
  4. After completing the user information, Keycloak successfully directs the user back to the client application (in this case, a JSF page).

The problem is, I can't figure out how to get access to the users OAuth AccessToken and AccessTokenSecret to combine with the Twitter application's ConsumerKey and ConsumerKeySecret.

I'm trying to get the tokens from the FacesContext, but I suspect that context would not have it.

        HttpSession httpSession = (HttpSession) facesContext.getExternalContext().getSession(false);
        KeycloakSecurityContext keycloakContext = (RefreshableKeycloakSecurityContext) httpSession.getAttribute(KeycloakSecurityContext.class.getName());
-------
Taking a page from the twitter broker demo, we used the KeyCloakSecurityContext held in the FacesContext's HTTPSession to get the Bearer token, dropped the demo's TwitterOAuthResponse class into our project and made a REST call to the realm's twitter token endpoint using the, but then we got a permission denied saying the client did not have access to the identity providers token.

Any help would be greatly appreciated!


-- 
Brooks Isoldi, Software Developer

Traversed
7164 Columbia Gateway Drive, Suite 120A
Columbia, MD 21046