Thanks Marek
I saw here
<
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/a...
app
gains the accessToken, but did not see where this `/auth` api is
implemented. I want to learn how to I do the same thing of exposing
`/auth` api to generate tokens
This is example for Direct Grant API. It allows you
to send POST request
to Keycloak including username and password and Keycloak will directly
returns you accessToken without even displaying Keycloak login screen.
Direct Grant API has some limitations though (password must be known to
your application, SSO won't work, User won't be able to login if he
needs to do some required action (like change password) etc.). So it's
usually better to use proper login flow instead of Direct Grant API. See
here for more info
I did not see anything in pom.xml
<
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/a...
either. seems like magic to me at the moment. Any guidance here?
Thanks
On Tue, Jul 29, 2014 at 12:25 AM, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
Hi,
the best is to start with documentation
http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/index.html
and also look at existing examples
https://github.com/keycloak/keycloak/tree/master/examples .
Probably most useful for you might be
https://github.com/keycloak/keycloak/tree/master/examples/demo-template
. It has restful application "database-service", where you can
send secured REST requests with the bearer token attached to them.
Other applications in the directory are web applications, which
obtain bearer token from the Keycloak login . Product-portal and
customer-portal are JEE applications secured by Keycloak itself,
third-party and third-party-cdi is more traditional OAuth where
token is used just to retrieve the secured data from
"database-service" . See the README for more info.
Example for CORS support is here:
https://github.com/keycloak/keycloak/tree/master/examples/cors
Marek
On 25.7.2014 23:04, Harit Himanshu wrote:
> Hey Team,
>
> I am been looking for answer to
>
http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-... and
> found that keycloak is suitable for securing REST APIs using
> OAuth 2.0.
>
> I am looking for example where the following is demonstrated
> a.) Third-party app registers and gets Access Token
> b.) Third-Party app accesses Resource Server to access protected
> resource by sending Access Token to REST API
> c.) and How Token is validated.
>
>
> It is mentioned in features of keycloak as
>
> * OAuth Bearer token auth for REST Services
> * OAuth 2.0 Grant requests
> * CORS Support
>
> Can you please guide me through examples?
>
> Thank you
>
>
> On Fri, Jul 25, 2014 at 2:00 PM, Harit Himanshu
> <harit.subscriptions(a)gmail.com
> <mailto:harit.subscriptions@gmail.com>> wrote:
>
> Hey Team,
>
> I am been looking for answer to
>
http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-...
> and found that keycloak is suitable for securing REST APIs
> using OAuth 2.0.
>
> I am looking for example where the following is demonstrated
> a.) Third-party app registers and gets Access Token
> b.) Third-Party app accesses Resource Server to access
> protected resource by sending Access Token to REST API
> c.) and How Token is validated.
>
>
> It is mentioned in features of keycloak as
>
> * OAuth Bearer token auth for REST Services
> * OAuth 2.0 Grant requests
> * CORS Support
>
> Can you please guide me through examples?
>
> Thank you
> + Harit Himanshu
>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev