8:29 a.m.
Hi,
I'm pretty new to Keycloak development and at the moment I'm trying to develop
some demo extensions to learn how SPI's an stuff like that work in Keycloak.
My Question is:
Is there a util- or helper-class which I can use to generate an secure token string in my
extension code (pretty much the same as an oauth access or refresh token)?
I was not able to find something In the Keycloak code, but maybe there is something like
that.
Thank you in advance,
Felix Peters
8:47 a.m.
Hello Felix,
What's your use case?
Keycloak provides action tokens that permits its bearer to perform some
actions, e. g. to reset a password or validate e-mail address.
Perhaps you could have a look at the action tokens SPI:
http://www.keycloak.org/docs/3.3/server_development/topics/action-token-s...
Keycloaks OIDC Tokens (AccessToken, RefreshToken, IDToken) are generated
within org.keycloak.protocol.oidc.TokenManager and exposed
via the org.keycloak.protocol.oidc.endpoints.TokenEndpoint. Tokens can be
verified via the org.keycloak.RSATokenVerifier.
Cheers,
Thomas
2018-01-23 15:29 GMT+01:00 Felix Peters <peters(a)develop4edu.de>:
Hi,
I'm pretty new to Keycloak development and at the moment I'm trying to
develop some demo extensions to learn how SPI's an stuff like that work in
Keycloak.
My Question is:
Is there a util- or helper-class which I can use to generate an secure
token string in my extension code (pretty much the same as an oauth access
or refresh token)?
I was not able to find something In the Keycloak code, but maybe there is
something like that.
Thank you in advance,
Felix Peters
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
9:46 a.m.
Thanks for your quick response.
I try to implement a prototype of a password-free authenticator like it was mentioned in
this thread: http://lists.jboss.org/pipermail/keycloak-user/2015-October/003387.html
My current approach is to create a token on a rest endpoint and validate this token in an
custom authenticator.
It’s just a POV, but I think a ActionToken can do the job.
I was googleing around for an existing solution for password-free login with Keycloak, but
could not found something like that.
Greeting,
Felix
Von: Thomas Darimont [mailto:thomas.darimont@googlemail.com]
Gesendet: Dienstag, 23. Januar 2018 15:48
An: Felix Peters <peters(a)develop4edu.de>
Cc: keycloak-dev(a)lists.jboss.org
Betreff: Re: [keycloak-dev] WG: How to generate a token string in a custom keycloak
extension?
Hello Felix,
What's your use case?
Keycloak provides action tokens that permits its bearer to perform some actions, e. g. to
reset a password or validate e-mail address.
Perhaps you could have a look at the action tokens SPI:
http://www.keycloak.org/docs/3.3/server_development/topics/action-token-s...
Keycloaks OIDC Tokens (AccessToken, RefreshToken, IDToken) are generated within
org.keycloak.protocol.oidc.TokenManager and exposed
via the org.keycloak.protocol.oidc.endpoints.TokenEndpoint. Tokens can be verified via the
org.keycloak.RSATokenVerifier.
Cheers,
Thomas
2018-01-23 15:29 GMT+01:00 Felix Peters
<peters@develop4edu.de<mailto:peters@develop4edu.de>>:
Hi,
I'm pretty new to Keycloak development and at the moment I'm trying to develop
some demo extensions to learn how SPI's an stuff like that work in Keycloak.
My Question is:
Is there a util- or helper-class which I can use to generate an secure token string in my
extension code (pretty much the same as an oauth access or refresh token)?
I was not able to find something In the Keycloak code, but maybe there is something like
that.
Thank you in advance,
Felix Peters
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org<mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
6:09 a.m.
This should be relatively straightforward by using action token SPI: REST
endpoint would issue the custom action token, then action token handler
would set up the authentication session accordingly. In case you want
deeper integration of the action token flow with authentication flow, check
[1].
[1]
https://github.com/keycloak/keycloak-quickstarts/tree/latest/action-token...
On Tue, Jan 23, 2018 at 4:46 PM, Felix Peters <peters(a)develop4edu.de> wrote:
Thanks for your quick response.
I try to implement a prototype of a password-free authenticator like it
was mentioned in this thread: http://lists.jboss.org/
pipermail/keycloak-user/2015-October/003387.html
My current approach is to create a token on a rest endpoint and validate
this token in an custom authenticator.
It’s just a POV, but I think a ActionToken can do the job.
I was googleing around for an existing solution for password-free login
with Keycloak, but could not found something like that.
Greeting,
Felix
Von: Thomas Darimont [mailto:thomas.darimont@googlemail.com]
Gesendet: Dienstag, 23. Januar 2018 15:48
An: Felix Peters <peters(a)develop4edu.de>
Cc: keycloak-dev(a)lists.jboss.org
Betreff: Re: [keycloak-dev] WG: How to generate a token string in a custom
keycloak extension?
Hello Felix,
What's your use case?
Keycloak provides action tokens that permits its bearer to perform some
actions, e. g. to reset a password or validate e-mail address.
Perhaps you could have a look at the action tokens SPI:
http://www.keycloak.org/docs/3.3/server_development/topics/
action-token-spi.html
Keycloaks OIDC Tokens (AccessToken, RefreshToken, IDToken) are generated
within org.keycloak.protocol.oidc.TokenManager and exposed
via the org.keycloak.protocol.oidc.endpoints.TokenEndpoint. Tokens can be
verified via the org.keycloak.RSATokenVerifier.
Cheers,
Thomas
2018-01-23 15:29 GMT+01:00 Felix Peters <peters(a)develop4edu.de<mailto:
peters(a)develop4edu.de>>:
Hi,
I'm pretty new to Keycloak development and at the moment I'm trying to
develop some demo extensions to learn how SPI's an stuff like that work in
Keycloak.
My Question is:
Is there a util- or helper-class which I can use to generate an secure
token string in my extension code (pretty much the same as an oauth access
or refresh token)?
I was not able to find something In the Keycloak code, but maybe there is
something like that.
Thank you in advance,
Felix Peters
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org<mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
--Hynek
2528
days inactive
2529
days old
3 comments
3 participants
participants (3)
-
Felix Peters -
Hynek Mlnarik -
Thomas Darimont